090f4f7366bc407348c3f0761b39e57b061e7d4b4bdc8178b4dae49e8164e7c0 | Triage

Analysis

max time kernel
17s
max time network
19s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
20/11/2023, 21:15

Sharing

Report Analysis Logs

General

Target

Apex.exe
Size

26KB
MD5

e529b15be1cc1d1dddb37805bf45e6ea
SHA1

13f9680f5285237e43b2c5dc4b1833d250c7d03d
SHA256

090f4f7366bc407348c3f0761b39e57b061e7d4b4bdc8178b4dae49e8164e7c0
SHA512

49689ecc110411c7f24d1dfd9b26cb5e4149a8afefeb9e4514791d2c4fede3d741ec1a3638c3af7f69017fa308e0543807a50636ca0b53aff8bf8a9bfec4699c
SSDEEP

768:tEHP8DqBn3HQVOa9M41v1WbV2FSgm3Hrd9:tEHP8DqyImC0FSX3r

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2456	2000	Apex.exe	29
PID 2000 wrote to memory of 2456	2000	Apex.exe	29
PID 2000 wrote to memory of 2456	2000	Apex.exe	29

C:\Users\Admin\AppData\Local\Temp\Apex.exe
"C:\Users\Admin\AppData\Local\Temp\Apex.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2000 -s 536
  2⤵
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-0-0x0000000000340000-0x000000000034C000-memory.dmp

Filesize
48KB

Download
memory/2000-1-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

Filesize
9.9MB

Download
memory/2000-2-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

Filesize
9.9MB

Download