d682e483dcb4e98e0bbb55b8cb94710496a88a88bf7af9c9af1571d2c4421616 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-de
resource tags

arch:x64arch:x86image:win7-20240220-delocale:de-deos:windows7-x64systemwindows
submitted
24-04-2024 12:59

Sharing

Report Analysis Logs

General

Target

Rki.SurvNet.exe
Size

9.8MB
MD5

4b2e3ce016adb7d579a0201abe99e4b3
SHA1

eb444969feacf3f8f96a91f302b8fdbeed1f10d6
SHA256

d682e483dcb4e98e0bbb55b8cb94710496a88a88bf7af9c9af1571d2c4421616
SHA512

b030d934bed2b6ff879959876513fd67c3988feb78940a6400ed08f98f61c3e23955f9cd77a77beb4add91b45d77e88418bceee87d9725986209e1f352b978f1
SSDEEP

98304:FJLHlMhKfMvrWaG5Y5+xhnnz5p0mYRxWrol06B:FJpqKfMTBGacbz5pNY3Wa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 3024	2612	Rki.SurvNet.exe	28
PID 2612 wrote to memory of 3024	2612	Rki.SurvNet.exe	28
PID 2612 wrote to memory of 3024	2612	Rki.SurvNet.exe	28

C:\Users\Admin\AppData\Local\Temp\Rki.SurvNet.exe
"C:\Users\Admin\AppData\Local\Temp\Rki.SurvNet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2612 -s 504
  2⤵
  PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2612-1-0x000007FEF5640000-0x000007FEF602C000-memory.dmp

Filesize
9.9MB

Download
memory/2612-0-0x0000000000E90000-0x0000000001868000-memory.dmp

Filesize
9.8MB

Download
memory/2612-2-0x000007FEF5640000-0x000007FEF602C000-memory.dmp

Filesize
9.9MB

Download