cfc1155f576b0a19d0751b0ae796e7db156ebc7ee8bfa38a735d6856351e2336 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 18:24

Sharing

Report Analysis Logs

General

Target

240923名录手册.exe
Size

6.3MB
MD5

18f3080e28eaebcd43c74f4697fc48cc
SHA1

4164491b4b955362d5d77652f6f3e08f2f5e7ac3
SHA256

a9e6409722eb63eb44c256a1d95bab37af27c4b822464896f9e953a151930308
SHA512

8a028a5bdcf9ea20d879af1da0b84898bf2c584789c368fc320ffe7505d9cca443670198fedb7934af58d626f323e8892d5e89da11983fc00a67a331f1e1a13c
SSDEEP

98304:Cv6fRnOrGoJFVyYU8ohf0kGVrr0K4aueL2hYtIvf+xmVVHtMlhh:Q6peGoJFV5UxhMk60gTw6xf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 2148	1560	240923名录手册.exe	30
PID 1560 wrote to memory of 2148	1560	240923名录手册.exe	30
PID 1560 wrote to memory of 2148	1560	240923名录手册.exe	30

C:\Users\Admin\AppData\Local\Temp\240923名录手册.exe
"C:\Users\Admin\AppData\Local\Temp\240923名录手册.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1560 -s 276
  2⤵
  PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-1-0x0000000000280000-0x000000000028A000-memory.dmp

Filesize
40KB

Download
memory/1560-0-0x0000000000280000-0x000000000028A000-memory.dmp

Filesize
40KB

Download