3db4e4c528244080a416d9c55d50709ea9813126dcb9b13f0a4473ff13dca2a2 | Triage

Analysis

max time kernel
65s
max time network
37s
platform
windows7_x64
resource
win7-20240903-de
resource tags

arch:x64arch:x86image:win7-20240903-delocale:de-deos:windows7-x64systemwindows
submitted
05-09-2024 12:09

Sharing

Report Analysis Logs

General

Target

Prestige-Installer.exe
Size

2.1MB
MD5

257bf87087262198f4e1c59868e1ba1b
SHA1

98bf47a3c8b885cdaa9c3fd5acf1cbcf712ed5b9
SHA256

3db4e4c528244080a416d9c55d50709ea9813126dcb9b13f0a4473ff13dca2a2
SHA512

a443008baac184227a78c072ad16e34318cdf81cba966348fa32753a7188a92256352cca488aa3a9d794f242a6205a9b1dd0ce57218e1b4e1f6899dc2b949a71
SSDEEP

24576:ALVY5vsPsVVMYWRi7AspZFELHaBXbs5F9ccw:CjbYW7spzEDcwqc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2420	2544	Prestige-Installer.exe	32
PID 2544 wrote to memory of 2420	2544	Prestige-Installer.exe	32
PID 2544 wrote to memory of 2420	2544	Prestige-Installer.exe	32

C:\Users\Admin\AppData\Local\Temp\Prestige-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Prestige-Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2544-0-0x000000013F5B0000-0x000000013F898000-memory.dmp

Filesize
2.9MB

Download
memory/2544-1-0x000000013F5B0000-0x000000013F898000-memory.dmp

Filesize
2.9MB

Download
memory/2544-2-0x000000013F5B0000-0x000000013F898000-memory.dmp

Filesize
2.9MB

Download