8ef02745f941d7a0cf49d1130bf9ab1bab79ccc52d7e8049b2d7ce880611e92f | Triage

Analysis

max time kernel
47s
max time network
16s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 06:04

Sharing

Report Analysis Logs

General

Target

Ana kata.exe
Size

6.6MB
MD5

52317dd1189eed6b4ee7175c75cf83e0
SHA1

5f07283d9ad57677598783bfec32b8b607609b1c
SHA256

8ef02745f941d7a0cf49d1130bf9ab1bab79ccc52d7e8049b2d7ce880611e92f
SHA512

fc05330b750f7e803cad12f3e3f218930e31844129af6c18e4dc581db4a832d2624caa7c2db9acb13cdb6c520445ff4b786edad82fa3edf0d4d8523e973cd3f1
SSDEEP

49152:MMuVb5Kb55uVb5Kb5xuVb5Kb5Xuhb5jb5:MM2bIbf2bIbP2bIbp6bpb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3044	2944	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3044	2944	Ana kata.exe	28
PID 2944 wrote to memory of 3044	2944	Ana kata.exe	28
PID 2944 wrote to memory of 3044	2944	Ana kata.exe	28
PID 2944 wrote to memory of 3044	2944	Ana kata.exe	28

C:\Users\Admin\AppData\Local\Temp\Ana kata.exe
"C:\Users\Admin\AppData\Local\Temp\Ana kata.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 548
  2⤵
  - Program crash
  PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2944-0-0x0000000074AA0000-0x000000007518E000-memory.dmp

Filesize
6.9MB

Download
memory/2944-1-0x0000000000060000-0x00000000006F4000-memory.dmp

Filesize
6.6MB

Download
memory/2944-2-0x0000000074AA0000-0x000000007518E000-memory.dmp

Filesize
6.9MB

Download