b086009bb8d7aaf4e18c3b413442ecfb9b70b3c57b8624831661b306599777c8 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 15:55

Sharing

Report Analysis Logs

General

Target

0223.exe
Size

191KB
MD5

fdec70478a05d27ce19003b827ac8c10
SHA1

171105a07aa91966b036b3a5670e829167f48506
SHA256

b086009bb8d7aaf4e18c3b413442ecfb9b70b3c57b8624831661b306599777c8
SHA512

597fe24a8b34e0379a76063d1b30e0dd91e61a0ac4a06a05fefcd23f69ea2ec7112bf54921652c663d0d79cf1e435b9b470bc288d3869b2feedce5dd5d05de8d
SSDEEP

3072:Rfctez+jxNP8rTfIG4KHvw2sHZncyuxFAXLrTeqV3EvjflN:NB+crTfIOHjseyuxFAXnTX3WTl

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3044	3000	0223.exe	29
PID 3000 wrote to memory of 3044	3000	0223.exe	29
PID 3000 wrote to memory of 3044	3000	0223.exe	29

C:\Users\Admin\AppData\Local\Temp\0223.exe
"C:\Users\Admin\AppData\Local\Temp\0223.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3000 -s 720
  2⤵
  PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads