dc4aa0cfe4379b2ae5a8d10a81f7d04f45a8060765dad726a19ec0b2e881c7c9 | Triage

Analysis

max time kernel
40s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 23:33

Sharing

Report Analysis Logs

General

Target

sdcheck/module.exe
Size

40.1MB
MD5

926853fdfffb1a4645f22bb5b7e10d71
SHA1

8cfddabdd2d38175a51cd228b0a25ea0cec6f043
SHA256

bde124a6ff61b44ca4313c5860535cb2b49693e602eee6746b3af7dec5623c17
SHA512

64cbc3f1dc1a1c6f36df0277c1d96da2f5d3c1265149e425f9d6063015d78e96c4b604aeb6e6734a01140ec5bf4d925d1c4c2130f43f1f9e5ab432583c4630e8
SSDEEP

786432:yFNHjOvEt1KXZfKXZhu14yyGifQARGMbExzZAZktBbNgx:yFNDQEaiq184A8YE5yYy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

module.exe

description	pid	process	target process
PID 3016 wrote to memory of 2388	3016	module.exe	WerFault.exe
PID 3016 wrote to memory of 2388	3016	module.exe	WerFault.exe
PID 3016 wrote to memory of 2388	3016	module.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\sdcheck\module.exe
"C:\Users\Admin\AppData\Local\Temp\sdcheck\module.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3016 -s 100
  2⤵
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads