016c02b11ed14355d4b5463e31ffaf232753bf8756d796b23347ea1ed406aa1b | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-01-2024 19:46

Sharing

Report Analysis Logs

General

Target

HIROSHI3.exe
Size

543KB
MD5

891cb442484c2fbde98cdc96ec19a1f1
SHA1

de547b47ae112d0a9a2c6be3109f85bf9ceec005
SHA256

016c02b11ed14355d4b5463e31ffaf232753bf8756d796b23347ea1ed406aa1b
SHA512

052368cf74a5a73c324a620b4dd50873459e65bf94c875567cac096d66de5c3fd274d13736124dcc1bef2419d94c46f2265e93fbb352f5b257c423a228fa0556
SSDEEP

6144:zNBI5vXYuwMvq6iARr1NGHI9lChOrEf7dhdaN1DiBoAm:zN+5vYu5DiCPlgOrQ7FGBAm

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1792	1520	WerFault.exe	13

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1792	1520	HIROSHI3.exe	28
PID 1520 wrote to memory of 1792	1520	HIROSHI3.exe	28
PID 1520 wrote to memory of 1792	1520	HIROSHI3.exe	28
PID 1520 wrote to memory of 1792	1520	HIROSHI3.exe	28

C:\Users\Admin\AppData\Local\Temp\HIROSHI3.exe
"C:\Users\Admin\AppData\Local\Temp\HIROSHI3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 36
  2⤵
  - Program crash
  PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-0-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download