cf8047d4cc968984abac31c651812624f934d6a0a246e13aa6439efc15a76437 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 05:05

Sharing

Report Analysis Logs

General

Target

goop.exe
Size

26KB
MD5

c731fe3c96d4c99b5e0bbfbf0beddcbd
SHA1

1755196df713731e92da7aef8039f958600966d1
SHA256

cf8047d4cc968984abac31c651812624f934d6a0a246e13aa6439efc15a76437
SHA512

72d2cb9d130266b4baa95ac907b578d51fc6d9b8c085fdded861d34933c9a4361e73ca4820e849d34099ad67468899e2e3a37a09bc93b07dab194f0c213d4c7e
SSDEEP

768:sEHP8yBrsBn3HQVOaqM41v1XbV9egm3Hrdd:sEHP8yBrsyIrTXeX3X

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2008	2408	goop.exe	29
PID 2408 wrote to memory of 2008	2408	goop.exe	29
PID 2408 wrote to memory of 2008	2408	goop.exe	29

C:\Users\Admin\AppData\Local\Temp\goop.exe
"C:\Users\Admin\AppData\Local\Temp\goop.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2408 -s 536
  2⤵
  PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-0-0x000007FEF4C63000-0x000007FEF4C64000-memory.dmp

Filesize
4KB

Download
memory/2408-1-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/2408-2-0x000007FEF4C63000-0x000007FEF4C64000-memory.dmp

Filesize
4KB

Download