b7572dce6db5eb2433998122271571ad0b7e067f547a44474cc25ea15d4ae29b | Triage

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 05:08

Sharing

Report Analysis Logs

General

Target

Editor.exe
Size

1.6MB
MD5

7d644a3f13712daf6c4978790b69387f
SHA1

b65945b18fdd883a305e834b7df16a0044674c14
SHA256

b908f810951185ebb3fd5a21412db4e3f90ebf64f1aa417ef886ff47ae9794d3
SHA512

0cd5d115401eee9b770dcbca431da3c27e14e2a45ad71e1619ad4c73f6719b784d080525c03d5199612fe509266fa72d28e21e1f4d12e740f378e309a846a79a
SSDEEP

24576:k3TTgyqdVdj5vDVlJZyJUgG9NVi9MkeH6wWp1RGIO72X:k3Tfqp5vDZZyJUgG9riekeVc1RvO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2688	Editor.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2688	Editor.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2112	2688	Editor.exe	30
PID 2688 wrote to memory of 2112	2688	Editor.exe	30
PID 2688 wrote to memory of 2112	2688	Editor.exe	30

C:\Users\Admin\AppData\Local\Temp\Editor.exe
"C:\Users\Admin\AppData\Local\Temp\Editor.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2688 -s 468
  2⤵
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2688-1-0x000000013FF90000-0x0000000140134000-memory.dmp

Filesize
1.6MB

Download
memory/2688-0-0x00000000751F0000-0x0000000075734000-memory.dmp

Filesize
5.3MB

Download
memory/2688-2-0x0000000070440000-0x00000000705C1000-memory.dmp

Filesize
1.5MB

Download
memory/2688-3-0x0000000063740000-0x00000000639C3000-memory.dmp

Filesize
2.5MB

Download