c974d6ff56c2c6e1624b680d11296c61dbd17d13106df8b7beb2c68a123c0021 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 07:48

Sharing

Report Analysis Logs

General

Target

hrkill.exe
Size

384KB
MD5

06639a10b4d585d0833bd7807bde5047
SHA1

bd91cb9b3714504d7f22ae4970617dd7f41e0f00
SHA256

c974d6ff56c2c6e1624b680d11296c61dbd17d13106df8b7beb2c68a123c0021
SHA512

a91b74d673df5a448607618ca5a6914658eb5139c75cc547d773e41dffcff4dcf3cf979815331544829d822ba38c93c076b735ed11c039800474eefead9b6c04
SSDEEP

6144:FLd/bh1akjsbQ+9rJl/VohGH8077vS3jbqr7EyGb7QAh+:FLZV11jsbQcll/WQc077SzbyIbT+

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2588	2000	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2588	2000	hrkill.exe	29
PID 2000 wrote to memory of 2588	2000	hrkill.exe	29
PID 2000 wrote to memory of 2588	2000	hrkill.exe	29
PID 2000 wrote to memory of 2588	2000	hrkill.exe	29

C:\Users\Admin\AppData\Local\Temp\hrkill.exe
"C:\Users\Admin\AppData\Local\Temp\hrkill.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 764
  2⤵
  - Program crash
  PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads