fb85c97c81b9ac1293cb4b70c60a790e7f7785a1d0d522643e04c01b87d381f4 | Triage

Analysis

max time kernel
123s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-04-2024 06:01

Sharing

Report Analysis Logs

General

Target

bundle.exe
Size

312.7MB
MD5

2ff0830e9343f26b8461deecad326a5b
SHA1

032541368454139c35e2e23a1a57ed21388e8dfd
SHA256

4788925332fc6128c895b0e0736a1d7d90e3891f2abb456523cbf0c1ced7d1e2
SHA512

3eaf18e994cb0ee3c4b82aa8cf6468c0e176cd37d6d01dda153f2f9147c4c6e919a02587b5f706cce52038581791aaa573f0b11800095aa982d34127c4fa8350
SSDEEP

49152:yYCAeB2lr71SuRLZlhfyqeuvUm/q1pstArpE12kqRgTHj+lVKgV:qV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2156	2228	bundle.exe	28
PID 2228 wrote to memory of 2156	2228	bundle.exe	28
PID 2228 wrote to memory of 2156	2228	bundle.exe	28

C:\Users\Admin\AppData\Local\Temp\bundle.exe
"C:\Users\Admin\AppData\Local\Temp\bundle.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2228 -s 532
  2⤵
  PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2228-0-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

Filesize
9.9MB

Download
memory/2228-1-0x000000013FCA0000-0x0000000140CA0000-memory.dmp

Filesize
16.0MB

Download
memory/2228-2-0x000007FEF55F0000-0x000007FEF5FDC000-memory.dmp

Filesize
9.9MB

Download