8d72d7d21aa97ea9cc0c2ac320116c599213f4d592138142b4f1c716d8631fde | Triage

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 04:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

W3DR.exe
Size

498KB
MD5

11f5974d48c164ab560c2f22acefd8c9
SHA1

d6212ff89a64878e372ca90d7351dfde97357de2
SHA256

ae61a6b950d16d43f88458ac7b3249d093b92a74d7c978dae0dec53abd7abe5d
SHA512

0f0a9ee21b9cdad3e3f99b87844dfe9a95a798f06d798ffc86f4d371f2302a497357c7fed50c1c3bcd6b102dbefc9ad166d4787170c174d2b8136085d5aecda5
SSDEEP

6144:XpObvUISjjIdtdhi1WjkcUOS7KWRBnY3+IDwiXzT1QnK007rhUPiJmFck:ZOb1SjIvdc1WkOSozwyU07rvmP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2468	2276	W3DR.exe	29
PID 2276 wrote to memory of 2468	2276	W3DR.exe	29
PID 2276 wrote to memory of 2468	2276	W3DR.exe	29
PID 2276 wrote to memory of 2468	2276	W3DR.exe	29

C:\Users\Admin\AppData\Local\Temp\W3DR.exe
"C:\Users\Admin\AppData\Local\Temp\W3DR.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c PAUSE
  2⤵
  PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2276-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download