3a081d09ca5b24102381a9ba85edae465c08310fcb9ba4be3b938692aff2f998 | Triage

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 11:46

Sharing

Report Analysis Logs

General

Target

Lskj.PubPrint.exe
Size

170KB
MD5

3f633064e29859707cbae6648ff14264
SHA1

b2656bf393b76c80e0d5e16f242e203370c3fa4f
SHA256

3a081d09ca5b24102381a9ba85edae465c08310fcb9ba4be3b938692aff2f998
SHA512

05cfdd8f08d411438150f380f19430796d354fe9f1b91c40d74fe2569b8211754494f32027fe738169e9bd4d25b64c9163cc3bd0ac95c6c8fc28bda66ef40c50
SSDEEP

768:+7dNCkn0feEZlPUYthmQtM3csiD52OZRt96a2AOZRt96a2I:7k0feEZlPTO93cD3z6a2Z3z6a2I

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1456	1936	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1456	1936	Lskj.PubPrint.exe	28
PID 1936 wrote to memory of 1456	1936	Lskj.PubPrint.exe	28
PID 1936 wrote to memory of 1456	1936	Lskj.PubPrint.exe	28
PID 1936 wrote to memory of 1456	1936	Lskj.PubPrint.exe	28

C:\Users\Admin\AppData\Local\Temp\Lskj.PubPrint.exe
"C:\Users\Admin\AppData\Local\Temp\Lskj.PubPrint.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 556
  2⤵
  - Program crash
  PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x0000000000890000-0x00000000008C0000-memory.dmp

Filesize
192KB

Download
memory/1936-1-0x00000000745E0000-0x0000000074CCE000-memory.dmp

Filesize
6.9MB

Download
memory/1936-2-0x00000000745E0000-0x0000000074CCE000-memory.dmp

Filesize
6.9MB

Download