9b2a7d4dd0be167c9ad73a9304c995f1d411b67b9ce4452b5389eda0e0c56f3c | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 05:31

Sharing

Report Analysis Logs

General

Target

WebApi.exe
Size

27KB
MD5

ef032cb03eab3b4e8408ff5588ded827
SHA1

5827be66829893e00b41ede69e77ca800f8af539
SHA256

9b2a7d4dd0be167c9ad73a9304c995f1d411b67b9ce4452b5389eda0e0c56f3c
SHA512

0c1f5f7926dd5dddefdcaebb95bce8d98ea8b36e9e01766ed28725505b0d0b669656e7125eb5fb48cd644ad10191c7c6931e3cb73eb6a6b8cf723635dd3d2b37
SSDEEP

384:5Oc7X8SsEbROn22aO2eYfgjcsW/xSDuGdp2eDbll8VNhegKrbQN3AweI:5l4SsESV21P6oQPI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1724	1996	WebApi.exe	29
PID 1996 wrote to memory of 1724	1996	WebApi.exe	29
PID 1996 wrote to memory of 1724	1996	WebApi.exe	29

C:\Users\Admin\AppData\Local\Temp\WebApi.exe
"C:\Users\Admin\AppData\Local\Temp\WebApi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1996 -s 492
  2⤵
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-0-0x000007FEF5263000-0x000007FEF5264000-memory.dmp

Filesize
4KB

Download
memory/1996-1-0x0000000000340000-0x000000000034E000-memory.dmp

Filesize
56KB

Download
memory/1996-2-0x000007FEF5263000-0x000007FEF5264000-memory.dmp

Filesize
4KB

Download