23da62e4b152739d914094e54c657a5615ebf0c3b8fe43eb9a5c342ee083f9ce | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 15:23

Sharing

Report Analysis Logs

General

Target

LDPlayer9_ru_1007_ld.exe
Size

6.2MB
MD5

d8164d9999866836fcc904dbe63d0d9c
SHA1

732a521c0856f4ee61a6e374d1605f14a3886a4e
SHA256

23da62e4b152739d914094e54c657a5615ebf0c3b8fe43eb9a5c342ee083f9ce
SHA512

30ff54b8d4e1c0d9463786922344b0ffd9f2cd640fcc18f45d441e4fad3d32659c766554aa83a094aefb1186570397ce8aa7d6ae079497fc2c03c792a221730f
SSDEEP

98304:maMOOH01Z71vVOO+svd2YJVr5cOlprwwEGK579UbrGif:maMOA01uCtf5copnEGKF97e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2144	2264	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2144	2264	LDPlayer9_ru_1007_ld.exe	30
PID 2264 wrote to memory of 2144	2264	LDPlayer9_ru_1007_ld.exe	30
PID 2264 wrote to memory of 2144	2264	LDPlayer9_ru_1007_ld.exe	30
PID 2264 wrote to memory of 2144	2264	LDPlayer9_ru_1007_ld.exe	30

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1007_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1007_ld.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 368
  2⤵
  - Program crash
  PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads