Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    06-03-2024 19:05

General

  • Target

    TraceCleaner.exe

  • Size

    11KB

  • MD5

    33fbca8dc3230e2c0c36678c787a63d8

  • SHA1

    e5827fdc5262df48ab53d766a74f2a700cb6b049

  • SHA256

    109b359176e064a3b40100491fbd3217a9a0b7027fd2fee05c5930a2df06770c

  • SHA512

    299a4148337f46c32df4837bcf8dfa2d9984c1b174aec8052e8fd4d7b823b7a50f8f5c990f436578ed7f73a16cf77cced465262b22281d78fd53db0ef89cc6e0

  • SSDEEP

    192:5x8JZ+SbRcum8HKH0BGEPEwzsrogKym+MKNA5jKmo:5xi+K88u0BGEsJogKyHMqAJKm

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TraceCleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\TraceCleaner.exe"
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 592
      • Program crash
      PID:2992

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2980-0-0x0000000000AC0000-0x0000000000ACA000-memory.dmp

    Filesize

    40KB

  • memory/2980-1-0x0000000074920000-0x000000007500E000-memory.dmp

    Filesize

    6.9MB

  • memory/2980-2-0x0000000000360000-0x000000000037A000-memory.dmp

    Filesize

    104KB

  • memory/2980-3-0x0000000004990000-0x00000000049D0000-memory.dmp

    Filesize

    256KB

  • memory/2980-4-0x00000000003E0000-0x00000000003EA000-memory.dmp

    Filesize

    40KB

  • memory/2980-5-0x0000000074920000-0x000000007500E000-memory.dmp

    Filesize

    6.9MB

  • memory/2980-6-0x0000000004990000-0x00000000049D0000-memory.dmp

    Filesize

    256KB