8c360306a3ee3c0753970a0a7adb11125224e8ece69ffcf8dc281ba444a67486 | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 05:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TaxEvasion.exe
Size

18KB
MD5

85d5af79d28498e521cdacae4af78e0b
SHA1

3e3a5a5fd65b8de98d6ae1849f8f9e6f23f27264
SHA256

8c360306a3ee3c0753970a0a7adb11125224e8ece69ffcf8dc281ba444a67486
SHA512

282e6dcf247184bd97bb3db8aba35a49a6b208949bfc8945739c20f010470602dae7257220467f75007b906b5d62c6686266e9cb8e1d26af3012c68d4c35271d
SSDEEP

384:4fyAEJhbsQ85G1v/oZZ4a3pTG//PEn7lHE07o16nk:eJEJdsNR30C7df66k

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2496	2236	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2496	2236	TaxEvasion.exe	29
PID 2236 wrote to memory of 2496	2236	TaxEvasion.exe	29
PID 2236 wrote to memory of 2496	2236	TaxEvasion.exe	29
PID 2236 wrote to memory of 2496	2236	TaxEvasion.exe	29

C:\Users\Admin\AppData\Local\Temp\TaxEvasion.exe
"C:\Users\Admin\AppData\Local\Temp\TaxEvasion.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 552
  2⤵
  - Program crash
  PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x0000000000E30000-0x0000000000E3A000-memory.dmp

Filesize
40KB

Download
memory/2236-1-0x0000000074900000-0x0000000074FEE000-memory.dmp

Filesize
6.9MB

Download
memory/2236-2-0x0000000074900000-0x0000000074FEE000-memory.dmp

Filesize
6.9MB

Download