14adb72691a2ca5387ad48f4087e477f9ee8c5ee1f8c07853b71dad13bc5416c | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 01:10

Sharing

Report Analysis Logs

General

Target

Joyeuse.exe
Size

295KB
MD5

9f2d9fbdf3b0a4b0fe6d9278f29bea55
SHA1

a75501166cc7881fa2c29a8f65dd44b1d34de298
SHA256

14adb72691a2ca5387ad48f4087e477f9ee8c5ee1f8c07853b71dad13bc5416c
SHA512

28911e1e36695d554cfe0cbcc5b0f745db0d63acf1bb56aa2d33b0f99928817687b2a1b54b3f429ca1a2fa0de7e793d2961de728b7b37a5e5aeecb88a6f2c235
SSDEEP

6144:5YtrDdIZG2nqJElpL3im9+3Kz9BngKbtPLLd5MvDOhwU:5S6TnSEl1yt6zzng0L3wU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2668	1696	Joyeuse.exe	28
PID 1696 wrote to memory of 2668	1696	Joyeuse.exe	28
PID 1696 wrote to memory of 2668	1696	Joyeuse.exe	28

C:\Users\Admin\AppData\Local\Temp\Joyeuse.exe
"C:\Users\Admin\AppData\Local\Temp\Joyeuse.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1696 -s 532
  2⤵
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1696-0-0x000000013F750000-0x000000013F79E000-memory.dmp

Filesize
312KB

Download
memory/1696-1-0x000007FEF5B20000-0x000007FEF650C000-memory.dmp

Filesize
9.9MB

Download
memory/1696-2-0x000007FEF5B20000-0x000007FEF650C000-memory.dmp

Filesize
9.9MB

Download
memory/1696-3-0x000007FEF5B20000-0x000007FEF650C000-memory.dmp

Filesize
9.9MB

Download