4583a1571f9b3b243e99e0f2bb56ba1492ae3371bce975af8ddede349a7be5bb | Triage

Analysis

max time kernel
10s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 04:27

Sharing

Report Analysis Logs

General

Target

ve.py.decoded1.exe
Size

344KB
MD5

df30248a64d62d5d7f368a280ca3b30f
SHA1

f7478cf4d97675956b98b577c473007b479df034
SHA256

4583a1571f9b3b243e99e0f2bb56ba1492ae3371bce975af8ddede349a7be5bb
SHA512

6f653b58f8852623a51f5a11f7fedaa9c22a275938ce9866b39b1d6e77add26b30bad937247b60af915365cfe3f4da3f9394623605e7217f517968d8d4b79485
SSDEEP

6144:Mw16Niu3DOHDOCJTAL8QvjCdMH9O1BNI:M06Niu38DOqTAL8QvgMo7I

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 396	2104	ve.py.decoded1.exe	30
PID 2104 wrote to memory of 396	2104	ve.py.decoded1.exe	30
PID 2104 wrote to memory of 396	2104	ve.py.decoded1.exe	30

C:\Users\Admin\AppData\Local\Temp\ve.py.decoded1.exe
"C:\Users\Admin\AppData\Local\Temp\ve.py.decoded1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2104 -s 32
  2⤵
  PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads