6b0eb960c2dd71a7d36817ba632010ef0d69283e6580d486da0f0a8d1ed90dd0 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 07:49

Sharing

Report Analysis Logs

General

Target

installer.exe
Size

1.5MB
MD5

323bbd44706808e4012fec37f9f7f9d5
SHA1

4574f337493ed9ff9047b8bff64a73385cd88b23
SHA256

6b0eb960c2dd71a7d36817ba632010ef0d69283e6580d486da0f0a8d1ed90dd0
SHA512

f9cad85991ac3a75b629a010c642e0cda1c58393ced0d8ae61c593c5824239040d11e84ad6bed2fd86acacfff7c353acdcb19978a919753875b4337b5df1e791
SSDEEP

24576:DoSJMFMFTWSTXQWooooooooooooooooooooooooooooooooooooooooooooI:VJMFka

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 3040	2872	installer.exe	28
PID 2872 wrote to memory of 3040	2872	installer.exe	28
PID 2872 wrote to memory of 3040	2872	installer.exe	28

C:\Users\Admin\AppData\Local\Temp\installer.exe
"C:\Users\Admin\AppData\Local\Temp\installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2872 -s 532
  2⤵
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

Filesize
4KB

Download
memory/2872-1-0x000000013F230000-0x0000000140230000-memory.dmp

Filesize
16.0MB

Download
memory/2872-2-0x000007FEF4E43000-0x000007FEF4E44000-memory.dmp

Filesize
4KB

Download