a620e855497074b6da1cc6ae56b19c3e2e251f6a9b4f43bb0beef655287b3eed | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-02-2024 22:02

Sharing

Report Analysis Logs

General

Target

ucxgm.exe
Size

179KB
MD5

78673699f5e78cf7ecfbb9ef42f3cc20
SHA1

7d1a1e230a595a3249f70871dfca54c1c7e6bb3e
SHA256

85f2460b17088ffbf8a4cfbbcf8c65340f538fe7e78603cf03adad566afc7838
SHA512

1f755d80bd66eea8ba8b0acbb9e2e8ba81d648671621ecd2407b680383e94269f7668840c9280dd75e176efb05cff25345438b43d3e82d71d9df865d759bb016
SSDEEP

3072:LRkMxoi0pXe9X11yHJqkc3xKLYBbIseNfIdQyQ+/vozm:LRcXe11oHJqlEbOR

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1752 936 WerFault.exe ucxgm.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ucxgm.exe

description	pid	process	target process
PID 936 wrote to memory of 1752	936	ucxgm.exe	WerFault.exe
PID 936 wrote to memory of 1752	936	ucxgm.exe	WerFault.exe
PID 936 wrote to memory of 1752	936	ucxgm.exe	WerFault.exe
PID 936 wrote to memory of 1752	936	ucxgm.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\ucxgm.exe
"C:\Users\Admin\AppData\Local\Temp\ucxgm.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
  2⤵
  - Program crash
  PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads