23a8a97766cc91004a6ffa0413d9a8bc7f732e4a402ee1f30119c6f0980a3ba9 | Triage

Analysis

max time kernel
118s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 13:41

Sharing

Report Analysis Logs

General

Target

ArcInstaller.exe
Size

1.9MB
MD5

422ce58735e74e2018add0a849b96df9
SHA1

bc9d1d47fb6298143db42b5bf2d4bdb88478e87a
SHA256

23a8a97766cc91004a6ffa0413d9a8bc7f732e4a402ee1f30119c6f0980a3ba9
SHA512

e7364e4daa22b857ffff1895b0219fed464dd1884574125cc4a6b4c4eda2f3128e020692ac0ad7b36acc36c9fa9bf2db5c65cd583d70b595414a49a9198011fe
SSDEEP

49152:okYPAh22GrJqZwKeSBjSmanAGg1zHSdkg:odPAh2frw3vBOmWAFIb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2788	2636	ArcInstaller.exe	30
PID 2636 wrote to memory of 2788	2636	ArcInstaller.exe	30
PID 2636 wrote to memory of 2788	2636	ArcInstaller.exe	30

C:\Users\Admin\AppData\Local\Temp\ArcInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\ArcInstaller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2636 -s 536
  2⤵
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2636-0-0x000007FEF5BC3000-0x000007FEF5BC4000-memory.dmp

Filesize
4KB

Download
memory/2636-1-0x00000000012D0000-0x00000000014B2000-memory.dmp

Filesize
1.9MB

Download
memory/2636-2-0x000007FEF5BC3000-0x000007FEF5BC4000-memory.dmp

Filesize
4KB

Download