33a88f114a5ebf38ab95567ca6bf3585bbd56946226b7cbd609f73d1540fcde7 | Triage

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 10:51

Sharing

Report Analysis Logs

General

Target

file.exe
Size

2.7MB
MD5

4a4c31024d2aae1fe33116aeb73fce39
SHA1

b31e7d8cb99c7de4871bca5f80cd9ab9c13695e7
SHA256

33a88f114a5ebf38ab95567ca6bf3585bbd56946226b7cbd609f73d1540fcde7
SHA512

0f66ffc8162f1d7d13907ed60c23ac6b26b7abf3381039a17835bfe6403fbd1a55f483106cf5ac9db9947498a949b22f9c2f2b701ceb1e00ca4910dd1ed102e7
SSDEEP

49152:aPw34yFJzSdhPzD0mOd4606hU6HzntCR+W97dXx3F9vaV804K8wbLrut7A:F9mOd46/opvau0TBLruu

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2224	3052	file.exe	31
PID 3052 wrote to memory of 2224	3052	file.exe	31
PID 3052 wrote to memory of 2224	3052	file.exe	31

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3052 -s 28
  2⤵
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3052-0-0x000000013F670000-0x000000013F926000-memory.dmp

Filesize
2.7MB

Download