1d34b8ac346f1f3cfd3ff956c0f9e069c6fe7cb61e89a20c9ae5c8a3e9ee5745 | Triage

Analysis

max time kernel
1s
max time network
5s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 18:51

Sharing

Report Analysis Logs

General

Target

CryptoObfuscator.exe
Size

1.6MB
MD5

57aa4a87e948b2b6bae83f98c7ff84c2
SHA1

9058977133ccb7a058c39dd700e3bfe82d69f942
SHA256

1d34b8ac346f1f3cfd3ff956c0f9e069c6fe7cb61e89a20c9ae5c8a3e9ee5745
SHA512

1b5ff9d91009b6702396b0beab66094aab2e1811259f7b8cf3e97267e1b66f9e101b19046cb291867d9281e943868f93fff7c00ca52d04eac1d51b6bf3ae2a14
SSDEEP

49152:RySid9l5Pf6LhwvVT1YVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVuVdXlN:iPn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 3020	2644	CryptoObfuscator.exe	28
PID 2644 wrote to memory of 3020	2644	CryptoObfuscator.exe	28
PID 2644 wrote to memory of 3020	2644	CryptoObfuscator.exe	28

C:\Users\Admin\AppData\Local\Temp\CryptoObfuscator.exe
"C:\Users\Admin\AppData\Local\Temp\CryptoObfuscator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2644 -s 536
  2⤵
  PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2644-0-0x0000000000BB0000-0x0000000000D44000-memory.dmp

Filesize
1.6MB

Download
memory/2644-1-0x000007FEF58F0000-0x000007FEF62DC000-memory.dmp

Filesize
9.9MB

Download