305340a18a686605ab61cec00c82964a9b29e74a2624de1c961fe721b7c42240 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 13:40

Sharing

Report Analysis Logs

General

Target

QuFGggkr.exe
Size

7KB
MD5

11a34da51ba4f9e10f4ecaa9c9d88529
SHA1

712ef6d80d588a5d1fcfa0dd753cbba75afdaf2e
SHA256

305340a18a686605ab61cec00c82964a9b29e74a2624de1c961fe721b7c42240
SHA512

2eb9fcf8d0c55f3176d213183d70c4a2d49e0245496ada72825e187bc736a3e08383410405e9d73b3f725b921ed55dc1a0d302b08c25b670edb07d3bb074a4c8
SSDEEP

24:eFGStrJ9u0/6ugnZdEBQAV8aKq9K9qVeNDJSqUmZEWdXCIGDpmB:is0rUEBQpE9XSDoqUjWZCSB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2840	2432	QuFGggkr.exe	28
PID 2432 wrote to memory of 2840	2432	QuFGggkr.exe	28
PID 2432 wrote to memory of 2840	2432	QuFGggkr.exe	28

C:\Users\Admin\AppData\Local\Temp\QuFGggkr.exe
"C:\Users\Admin\AppData\Local\Temp\QuFGggkr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2432-0-0x0000000140000000-0x0000000140004248-memory.dmp

Filesize
16KB

Download