cab410b524ad8c0724e7e5a00445dde112caacd97f184f20456717744ebc8714 | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 06:56

Sharing

Report Analysis Logs

General

Target

华为Dir项目体验demo.exe
Size

2.6MB
MD5

6f80ae2ab16091ce0289ea727a106b26
SHA1

dd135ac24fc5f9db43be8a3dfe9100ba6e22ff26
SHA256

cab410b524ad8c0724e7e5a00445dde112caacd97f184f20456717744ebc8714
SHA512

a4546d12a9a817b27a999d46d184fe0f3ae9ca2563b01bd722a3e8bae99ebf898262741e4558a6d81b7e16ea5d0e9981cfcad621baa8d46666c1993db40d30de
SSDEEP

49152:6d+W4hk+CpCnu8JJ09TeuoehM2XikoFMv41MNe9NelZ:ThzCyuiWXikoFc41qe9Nm

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2128	华为Dir项目体验demo.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1624	2128	华为Dir项目体验demo.exe	28
PID 2128 wrote to memory of 1624	2128	华为Dir项目体验demo.exe	28
PID 2128 wrote to memory of 1624	2128	华为Dir项目体验demo.exe	28

C:\Users\Admin\AppData\Local\Temp\华为Dir项目体验demo.exe
"C:\Users\Admin\AppData\Local\Temp\华为Dir项目体验demo.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2128 -s 180
  2⤵
  PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-0-0x0000000077651000-0x0000000077652000-memory.dmp

Filesize
4KB

Download