6965e4ef1e20cd2b218d6f98095d62ff5d91e949ede64cc5fe2805a019a56ebb | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 17:16

Sharing

Report Analysis Logs

General

Target

Bypassr Installer.exe
Size

362KB
MD5

0195416544f8bb3c4d0c912570ca4707
SHA1

21908e5a76f03fdfdfe18e92bd697f81c2cc178b
SHA256

6965e4ef1e20cd2b218d6f98095d62ff5d91e949ede64cc5fe2805a019a56ebb
SHA512

6c56f8a3a158069c64090ed524acadb373b9ad5e39131957ea4c0ba898133528160139a59ab01e586392f044a13ed0f02908965ce99cfa1ac3822f7c8a0cac09
SSDEEP

1536:1SxPYiFb09RiHl3UmO0CuTO+puYx9RDHl3UmO0Cz/wVcl:1980bKpUmO0rTO+TxbjpUmO0m/qY

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2924	3032	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2924	3032	Bypassr Installer.exe	31
PID 3032 wrote to memory of 2924	3032	Bypassr Installer.exe	31
PID 3032 wrote to memory of 2924	3032	Bypassr Installer.exe	31
PID 3032 wrote to memory of 2924	3032	Bypassr Installer.exe	31

C:\Users\Admin\AppData\Local\Temp\Bypassr Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Bypassr Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 560
  2⤵
  - Program crash
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3032-0-0x0000000073ECE000-0x0000000073ECF000-memory.dmp

Filesize
4KB

Download
memory/3032-1-0x00000000010D0000-0x0000000001130000-memory.dmp

Filesize
384KB

Download
memory/3032-2-0x0000000073ECE000-0x0000000073ECF000-memory.dmp

Filesize
4KB

Download