Analysis
max time kernel: 140s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 28-05-2024 12:36
Static task: static1
Behavioral task behavioral1: sample PNGsteaIth.exe, resource win7-20231129-en
Behavioral task behavioral2: sample PNGsteaIth.exe, resource win10v2004-20240426-en
Behavioral task behavioral3: sample Program.exe, resource win7-20240508-en
Behavioral task behavioral4: sample Program.exe, resource win10v2004-20240426-en
Behavioral task behavioral5: sample 关于海南移动被上级领导单位通报考核的通知-20240523.scr.exe, resource win7-20240221-en
Behavioral task behavioral6: sample 关于海南移动被上级领导单位通报考核的通知-20240523.scr.exe, resource win10v2004-20240508-en
Behavioral task behavioral7: sample 名单册-终端o.exe, resource win7-20240419-en
Behavioral task behavioral8: sample 名单册-终端o.exe, resource win10v2004-20240508-en
General
Target: PNGsteaIth.exe
Size: 28KB
MD5: f2a72b1be4c0ec0571aa3ae048379b93
SHA1: a520cb9fa0d5795e5b394de81ba537fdf03a85a3
SHA256: a7a003c0a3786ff0a042da131713b2f50c9ed894c558706bd9e9dc197dc66d4f
SHA512: eb9db99c02f93cb5d955ceffcaef008e64739a71740e7bc8673502dd4a673944a793a81582aad824f638fb6b4c64c8b72e28042cad857f044fbb6cdc9d47c454
SSDEEP: 768:GAQxZKyl69VBM1DJX6POODrO3kdW8I60Z/:+xIaZqDDrO3kYi
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid: 2316, pid_target: 1540, process: WerFault.exe, target process: PNGsteaIth.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: PNGsteaIth.exe
description: PID 1540 wrote to memory of 2316, pid: 1540, process: PNGsteaIth.exe, target process: WerFault.exe
description: PID 1540 wrote to memory of 2316, pid: 1540, process: PNGsteaIth.exe, target process: WerFault.exe
description: PID 1540 wrote to memory of 2316, pid: 1540, process: PNGsteaIth.exe, target process: WerFault.exe
description: PID 1540 wrote to memory of 2316, pid: 1540, process: PNGsteaIth.exe, target process: WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1540-0-0x00000000008F0000-0x00000000008FE000-memory.dmp
Filesize: 56KB