f3f0f6e0193c215323d1b0ace60c6bb0befd07251b91ad8497473f426aadae4c | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-09-2024 05:00

Sharing

Report Analysis Logs

General

Target

100%游戏存档/双击我改签v0.5.exe
Size

37KB
MD5

d7c6e7d592db6f4766f360098c1a3edd
SHA1

48457312af8c5398cb36272044e0707edd82776c
SHA256

237405750ab7d78c1db9f51d4eae7a4a46147bf064a9be61de41fe8aa91ca581
SHA512

1e9b2bb79ad73297becdbed2cb35fe5f08932bb144c54e7469bde50a891e0f973b8d173d8a44c38f56cdd043d31b982eb4a901e01b9d845906ba9f2aa170b122
SSDEEP

768:GnN9dODsbW1WechF6g7K2hnxQhjLzPaKmhznlEIJ3TUuV:G7omW1shg9aQKnLU8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

双击我改签v0.5.exe

description	pid	process	target process
PID 1444 wrote to memory of 2140	1444	双击我改签v0.5.exe	cmd.exe
PID 1444 wrote to memory of 2140	1444	双击我改签v0.5.exe	cmd.exe
PID 1444 wrote to memory of 2140	1444	双击我改签v0.5.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\100%游戏存档\双击我改签v0.5.exe
"C:\Users\Admin\AppData\Local\Temp\100%游戏存档\双击我改签v0.5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads