0122ddecc0c570065937be6ef2ce6b615e9a9d166c79f1852e819c02bd06e641 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23/12/2023, 20:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tu_programa.exe
Size

118KB
MD5

f864c2e5f94eb90f74f1659e27e3081b
SHA1

1eeb819b0e0fa906e20817260a602d20033c6a5a
SHA256

0122ddecc0c570065937be6ef2ce6b615e9a9d166c79f1852e819c02bd06e641
SHA512

0489ff0b873010a398b82bc95b63d80372389bb72d1db0f3e3d7a9b5acb7a26a3df68e859f1c6d43a5a22352f6cf90aaca0c0628053cb3ae3a2059e2f63136e7
SSDEEP

1536:rN3PklDTVDTvWQP1f4/XgJgXHKPJnTvWhCZM5zhjSoBIjhU2aruxNmppuF5:rN38OA1f4/dKT4gwuOuF5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3068	2988	tu_programa.exe	29
PID 2988 wrote to memory of 3068	2988	tu_programa.exe	29
PID 2988 wrote to memory of 3068	2988	tu_programa.exe	29

C:\Users\Admin\AppData\Local\Temp\tu_programa.exe
"C:\Users\Admin\AppData\Local\Temp\tu_programa.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2988 -s 264
  2⤵
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2988-0-0x000000013F8F0000-0x000000013F913000-memory.dmp

Filesize
140KB

Download