2628e2327bc3d7c261c0fa92f2ed02adee91957b90f950d1c17d5dbe4a69a770 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 14:17

Sharing

Report Analysis Logs

General

Target

3bdbeb0968cf01f30e8caeb785950610N.exe
Size

34KB
MD5

3bdbeb0968cf01f30e8caeb785950610
SHA1

7d7b55dbc74d695de5266e30f49e99b74cbd96b0
SHA256

2628e2327bc3d7c261c0fa92f2ed02adee91957b90f950d1c17d5dbe4a69a770
SHA512

9d6de706ea091df13a204d82e8a42b055fb8857bd685f7227d098075f5205e96f25825462c6d1b219f10aea10403ffeaa6e4db7dad8ff7acadbc66e1f9fdd7a9
SSDEEP

768:I0p4FXQZEFQkVAPTWgffneAJza4gnfVQkQt478:jp4xQZEekkCW3ujaI78

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 1320	2164	3bdbeb0968cf01f30e8caeb785950610N.exe	31
PID 2164 wrote to memory of 1320	2164	3bdbeb0968cf01f30e8caeb785950610N.exe	31
PID 2164 wrote to memory of 1320	2164	3bdbeb0968cf01f30e8caeb785950610N.exe	31

C:\Users\Admin\AppData\Local\Temp\3bdbeb0968cf01f30e8caeb785950610N.exe
"C:\Users\Admin\AppData\Local\Temp\3bdbeb0968cf01f30e8caeb785950610N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2164 -s 20
  2⤵
  PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2164-0-0x0000000140000000-0x000000014000AE28-memory.dmp

Filesize
43KB

Download
memory/2164-1-0x0000000140000000-0x000000014000AE28-memory.dmp

Filesize
43KB

Download