e90f22b601bafbd637700fa9338a4adb4413b8e7944941403560d11ca7997618

Resubmissions

13/03/2024, 10:47

05/03/2024, 05:09

04/03/2024, 07:33

max time kernel
1558s
max time network
1558s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 10:47

Target

New-Order20240303.exe
Size

858KB
MD5

f7a480f48e808a493a91f31b8a72d20a
SHA1

1f4f44e0feb5166eb107c0a7e9fd1b0f921db9e2
SHA256

e90f22b601bafbd637700fa9338a4adb4413b8e7944941403560d11ca7997618
SHA512

b38ca542d172c1dd755a35df2d44de9466cb1ed681506b58953f7c63154e3c22a1fcea9a125bdd4931294d6d7c408a051269e039cf131968fdac53aa85c6fbcb
SSDEEP

12288:iI9M+GHzN8KquCQq9RPf+Dvc5ppSWzzt/i3c/wfFTumO1dspX9W:FezWVxNWvep/zztKM0L0dspX9W

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1724	2468	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 1724	2468	New-Order20240303.exe	28
PID 2468 wrote to memory of 1724	2468	New-Order20240303.exe	28
PID 2468 wrote to memory of 1724	2468	New-Order20240303.exe	28
PID 2468 wrote to memory of 1724	2468	New-Order20240303.exe	28

C:\Users\Admin\AppData\Local\Temp\New-Order20240303.exe
"C:\Users\Admin\AppData\Local\Temp\New-Order20240303.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 640
  2⤵
  - Program crash
  PID:1724

memory/2468-0-0x00000000013D0000-0x00000000014AC000-memory.dmp

Filesize
880KB

Download
memory/2468-1-0x0000000073FD0000-0x00000000746BE000-memory.dmp

Filesize
6.9MB

Download
memory/2468-2-0x00000000011A0000-0x00000000011E0000-memory.dmp

Filesize
256KB

Download
memory/2468-3-0x0000000073FD0000-0x00000000746BE000-memory.dmp

Filesize
6.9MB

Download
memory/2468-4-0x00000000011A0000-0x00000000011E0000-memory.dmp

Filesize
256KB

Download