40944a0508c93b43ee7184700dfc4a6760c66db32bf81d66c2941923fd334f6a | Triage

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 01:37

Sharing

Report Analysis Logs

General

Target

BIOS_v1.07/snpac.exe
Size

44KB
MD5

291d998faf6e251736bd3abe3addb348
SHA1

a779daf3087d46a929e6bf2fd5fa1690ac273cb9
SHA256

c5b79e24001bc0e20b51088755162c158b145d49898f1c5c958469b718897a5e
SHA512

9ee48292014431e7a2a2adf4fa1a90202eb5e58da7f673bf0b50e3143c02c4091132eef84e999283d3eebb998c71a44c630cd71f69e751e87ba33d6cd2969817
SSDEEP

768:agEdz09s8zMYdOoRdyYUVl0JkbxoCGSe0ZL6zrX9Pdo:abdg9zO3OqbxoCA0Vgno

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3008	2080	WerFault.exe	27

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
468	Process not Found
468	Process not Found

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 3008	2080	snpac.exe	29
PID 2080 wrote to memory of 3008	2080	snpac.exe	29
PID 2080 wrote to memory of 3008	2080	snpac.exe	29
PID 2080 wrote to memory of 3008	2080	snpac.exe	29

C:\Users\Admin\AppData\Local\Temp\BIOS_v1.07\snpac.exe
"C:\Users\Admin\AppData\Local\Temp\BIOS_v1.07\snpac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 160
  2⤵
  - Program crash
  PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads