Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
  • submitted
    13-05-2024 19:28

General

  • Target

    installer-bundle.exe

  • Size

    295.8MB

  • MD5

    8681810e6e93e8fead8a415e1b38c8c2

  • SHA1

    0cf2512a3c3605e096d54656704bcfe318d6d5eb

  • SHA256

    6c59f4f268f1ce1d85cdf9169e81464bb950ec572ea1e3ab9cc4ff4a75589435

  • SHA512

    2888d8b2d5dad99d6a749ceb86c3b432f2accb883f017d57fb3cf4299d4101deb75e5b8fbd8d7979550ea91b44411c125b15fcdce4c5d681ff6c9cffca26c22e

  • SSDEEP

    24576:UMZFAQWxCiFcGD5sj069FywUNoEvOJN+R0FHRfJGCYXQ9:FA1DeFVyN/R0RGCp

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe
    "C:\Users\Admin\AppData\Local\Temp\installer-bundle.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1804 -s 532
      2⤵
        PID:2272

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1804-0-0x000007FEF5AA3000-0x000007FEF5AA4000-memory.dmp

      Filesize

      4KB

    • memory/1804-1-0x000000013F320000-0x0000000140320000-memory.dmp

      Filesize

      16.0MB

    • memory/1804-2-0x000007FEF5AA3000-0x000007FEF5AA4000-memory.dmp

      Filesize

      4KB