fb9c25da973a81fbbaca16011aba651bf9b5e1d98f1f1a5a500ab00c781ebcb8 | Triage

Resubmissions

29/06/2024, 20:48

240629-zlmr7awbre 8

29/06/2024, 20:47

240629-zlcbfswbra 8

Analysis

max time kernel
0s
max time network
1s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 20:47

Sharing

Report Analysis Logs

General

Target

ClientUpdate.exe (x64).exe
Size

308KB
MD5

1a69a02b0cd10b1764521fec4b7376c9
SHA1

0d0b9299674868dbec74317c9c20de0c6c5a0549
SHA256

becb74a8a71a324c78625aa589e77631633d0f15af1473dfe34eca06e7ec6b86
SHA512

e9d02d292fceecc04584221e59cc4d5753dcf4ffc20c1d3fe58ec6d578024a03b775358cd2627b254bd9b274ec4153538b06b6152ef3e4c38a8138176bddfa48
SSDEEP

6144:HwDOaOGnrViaqj8qxA5ZmDvHBGTVdEolim6U9iceu:Ho3q5vhGTXj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2844	2676	ClientUpdate.exe (x64).exe	29
PID 2676 wrote to memory of 2844	2676	ClientUpdate.exe (x64).exe	29
PID 2676 wrote to memory of 2844	2676	ClientUpdate.exe (x64).exe	29
PID 2676 wrote to memory of 2976	2676	ClientUpdate.exe (x64).exe	31
PID 2676 wrote to memory of 2976	2676	ClientUpdate.exe (x64).exe	31
PID 2676 wrote to memory of 2976	2676	ClientUpdate.exe (x64).exe	31

C:\Users\Admin\AppData\Local\Temp\ClientUpdate.exe (x64).exe
"C:\Users\Admin\AppData\Local\Temp\ClientUpdate.exe (x64).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\windows\system32\cmd.exe
  /c soy.exe
  2⤵
  PID:2844
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2676 -s 40
  2⤵
  PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads