bca64540a033b12247f730c2afaad55f710c1e5054c297b84ea56e50388079fe | Triage

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 04:46

Sharing

Report Analysis Logs

General

Target

FPC411/FPC.exe
Size

592KB
MD5

35a3c06e213ff4017b91cc7c0668a532
SHA1

f2ebc49175b93d06466370b2a65640accafb4d08
SHA256

bf12c11db993d3224fcfa5c47d1e4c550dd74b3be083932bea5597c0b0da203f
SHA512

0a128f6a5a14ec6f5ab67ac94d0f2970637879116b249b599e08259edc9fd5cdb5c90966c09a0378d784ebe348adea39dd614a7eb3053f0fff7408b1ef1e4937
SSDEEP

12288:nOTMM1IKwMnoQN5dVhf9ZYYQ/vBTN52I50opU8tFYfTcc8uzvY:nO5ZwpcpeXBH2I5vOL8uzvY

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3028	2392	WerFault.exe	29

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 3028	2392	FPC.exe	30
PID 2392 wrote to memory of 3028	2392	FPC.exe	30
PID 2392 wrote to memory of 3028	2392	FPC.exe	30
PID 2392 wrote to memory of 3028	2392	FPC.exe	30

C:\Users\Admin\AppData\Local\Temp\FPC411\FPC.exe
"C:\Users\Admin\AppData\Local\Temp\FPC411\FPC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 432
  2⤵
  - Program crash
  PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2392-0-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2392-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2392-2-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2392-4-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download