a8c5e153bc81e01e7a6526a9a475d66b59e55efa72e2499188da538c199d195a | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 11:36

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

10.7MB
MD5

d101458db03951448efd0005c536b585
SHA1

18c74762c3b10fadeba56e7c7145a841ccbd7de7
SHA256

a8c5e153bc81e01e7a6526a9a475d66b59e55efa72e2499188da538c199d195a
SHA512

3a4b08a7928b96f5142df6e02a61f731771f19761e3372b420962f0478c4ceb0847e240c101d220e377389a6f7a7f6227040a33f5569c57ff022c37bb15e32fd
SSDEEP

196608:sM9R73X1CjdWjS/FDGnymYYQVt/Fm8F8TRb:pn1EgjS/h/mYYQVt/Fm8F8TR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2340	2792	tmp.exe	28
PID 2792 wrote to memory of 2340	2792	tmp.exe	28
PID 2792 wrote to memory of 2340	2792	tmp.exe	28

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2792 -s 196
  2⤵
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads