114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323 | Triage

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 16:31

Sharing

Report Analysis Logs

General

Target

pclient.exe
Size

1.2MB
MD5

ef95411945330db1907508d38bc373ac
SHA1

7bb8d57cb26f3927bd741db598254efd72f249c4
SHA256

114b868f319162c5d6ff92796e41910f54de0e89f895a066fd4980c6dba2e323
SHA512

2ca5709cae5f19b9e95b80df91d00cdc81522f41c5be7070434df8edb25f80f4c1d1704f8db7824f6cae0bb81e4cd1c987d58749a56853a1a5da65542ab2bc8c
SSDEEP

24576:snz6dSHy7DXstIVWn4etKUBYWPezgW8Ns:8zf5N4qKUGWP9W8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

pclient.exe

description	pid	process	target process
PID 2484 wrote to memory of 2776	2484	pclient.exe	WerFault.exe
PID 2484 wrote to memory of 2776	2484	pclient.exe	WerFault.exe
PID 2484 wrote to memory of 2776	2484	pclient.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\pclient.exe
"C:\Users\Admin\AppData\Local\Temp\pclient.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2484 -s 1260
  2⤵
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads