c09054a38056f357c6d75bdf367c8a7f65c6ee4d5e7d149d274bc62d6426a18a | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 12:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HBVModelRunner.exe
Size

9KB
MD5

390f5d282fffd7291dbc3fe037c11100
SHA1

bf063f3175cde5319a5313d303b2bf8c24a63c2d
SHA256

c09054a38056f357c6d75bdf367c8a7f65c6ee4d5e7d149d274bc62d6426a18a
SHA512

42c17ea96e83eaefde9dbabda12557d5da74dc1b76038e6d993cdbb64ae0d9335eb08c743f33434ef48d9ee92804af0f9c405fd11973c8d60136a6df605b169a
SSDEEP

192:rbzW8Gjysp2DQ0cfKM9THreJVvyj4RMk:rnW8GjysdK1RRM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2068	2428	HBVModelRunner.exe	29
PID 2428 wrote to memory of 2068	2428	HBVModelRunner.exe	29
PID 2428 wrote to memory of 2068	2428	HBVModelRunner.exe	29

C:\Users\Admin\AppData\Local\Temp\HBVModelRunner.exe
"C:\Users\Admin\AppData\Local\Temp\HBVModelRunner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2428 -s 492
  2⤵
  PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2428-0-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

Filesize
4KB

Download
memory/2428-1-0x0000000001380000-0x0000000001388000-memory.dmp

Filesize
32KB

Download
memory/2428-2-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

Filesize
4KB

Download