5976e037d6566d69a00c443532b6463373f94f6fe33e4e96ead1e4656c824290 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 19:38

Sharing

Report Analysis Logs

General

Target

$0/scanquery.exe
Size

29KB
MD5

5e0d01130d3f28e1d3abbfd847eabdbe
SHA1

0f16c83b31146e818aa55b7d047a07aa21d75a02
SHA256

e86ce704b6caa6e7400f1f2883c5b39d1d4ccbaf8ee61b123dc49de2b7873ae5
SHA512

d7e9b7b8aa54442112f62212800a8f69a19e40fe6442ac26be5439fe903c98c6e37392b6903d09cc8245fbf9f7992f82f05dbbfe90a2e2df698631f97f61ce88
SSDEEP

768:GK/elBdtQ9KKW13HDWz+P5rX/kJKyC6VJl:p/elBeKf13HA+xrvk4yVl

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2944	784	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2944	784	scanquery.exe	31
PID 784 wrote to memory of 2944	784	scanquery.exe	31
PID 784 wrote to memory of 2944	784	scanquery.exe	31
PID 784 wrote to memory of 2944	784	scanquery.exe	31

C:\Users\Admin\AppData\Local\Temp\$0\scanquery.exe
"C:\Users\Admin\AppData\Local\Temp\$0\scanquery.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 48
  2⤵
  - Program crash
  PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads