6df37b0612aa679b8c5df5992f7a415c2ad865480dd381826c8ae62c35e2242e | Triage

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 19:05

Sharing

Report Analysis Logs

General

Target

seed check/1_seed-check.exe
Size

2.7MB
MD5

fe8642ef05544492aa7bea74dd228442
SHA1

9cd835042a5feed668604d4f4aca415ff8af9532
SHA256

2ec5235af12345ee05668337a7607bcc4b28cf2409d006fbdf749c2ff6275e3b
SHA512

648155f46994ab9738ab8bcfc49f5bb4db35acde3ecfc324934dac2d4645446d1be04cd39ab014bd9071a8e7ffd38891c225b7330b1c71a702c60f8cb6d6d367
SSDEEP

49152:NPw34yFJzSdhPzD0mOd4606hU6HznKpHaeUGnVn641aibkcrh8A:q9mOd46GHaeUQhVp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2112	2408	1_seed-check.exe	30
PID 2408 wrote to memory of 2112	2408	1_seed-check.exe	30
PID 2408 wrote to memory of 2112	2408	1_seed-check.exe	30

C:\Users\Admin\AppData\Local\Temp\seed check\1_seed-check.exe
"C:\Users\Admin\AppData\Local\Temp\seed check\1_seed-check.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2408 -s 28
  2⤵
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-0-0x000000013FB20000-0x000000013FDD6000-memory.dmp

Filesize
2.7MB

Download