ea468ce2078b32fa80baee70d693f063c3eb7fc6e1b298ad0db011f229f54e34 | Triage

Analysis

max time kernel
0s
max time network
0s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 12:40

Sharing

Report Analysis Logs

General

Target

loader.exe
Size

104KB
MD5

161dafd073ebe2996717382835bf8160
SHA1

9472489df562805f8ade1253a4ee978330d377ef
SHA256

ea468ce2078b32fa80baee70d693f063c3eb7fc6e1b298ad0db011f229f54e34
SHA512

2f39b9e3c6b24e6ed083db860eb511a63c1439aa9f9fdce7fdce142da7e9d356f438daab2376c89b03241c402eec045c3112b892744aea207a02f26e503d58cc
SSDEEP

1536:zVZru+aHabLHsBUxqT9B8IsNwC8endmgsMJaC3BjiEFdVUxElxei1w:zN0abLHsBUU9bOwzeYMJsEFdV7ei

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 2248	804	loader.exe	29
PID 804 wrote to memory of 2248	804	loader.exe	29
PID 804 wrote to memory of 2248	804	loader.exe	29

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 804 -s 48
  2⤵
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads