75878961dbba46c51e2919a3bb4da313c7eba662633981ca1f4188ce4f26d464 | Triage

Analysis

max time kernel
82s
max time network
34s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 22:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Anti_Attack.exe
Size

1.3MB
MD5

085089a24ca9890361c029a639f7e409
SHA1

f4ca57ddb4f78f015873534e455595fdbedb0fbe
SHA256

75878961dbba46c51e2919a3bb4da313c7eba662633981ca1f4188ce4f26d464
SHA512

b7fb0c353fb2241758079df0b9881917487c56898512db20a52d5bdd465a69521de3739339556111d0a2310f281728f8f6a661bcde403fd34d2a86126fb89773
SSDEEP

24576:ldUdOHD+VhWdbg2bQzbSaYq5D3mRj7rWd0:BD+VodNQaGyr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2704	2992	Anti_Attack.exe	29
PID 2992 wrote to memory of 2704	2992	Anti_Attack.exe	29
PID 2992 wrote to memory of 2704	2992	Anti_Attack.exe	29

C:\Users\Admin\AppData\Local\Temp\Anti_Attack.exe
"C:\Users\Admin\AppData\Local\Temp\Anti_Attack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2992 -s 504
  2⤵
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2992-0-0x0000000000AE0000-0x0000000000C26000-memory.dmp

Filesize
1.3MB

Download
memory/2992-1-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download
memory/2992-2-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download