436bbf3c480e0188d88401276a99c1423402f5e90f87cfb9a1eaa2028c877d1d | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 00:55

Sharing

Report Analysis Logs

General

Target

Softwarev1.24loader.exe
Size

2.7MB
MD5

bbc2a5c08ca5cb19d3235900868b5ef7
SHA1

5676579a83c07a5726a400d153385069424c2d5b
SHA256

436bbf3c480e0188d88401276a99c1423402f5e90f87cfb9a1eaa2028c877d1d
SHA512

173c32ebfeceae612207c9d475ca78e584c9ad5e503f84cc30de493469a96a32fcffefa86b40f6b5f290988904e5d9023163af61855382d3af5174f3823f372e
SSDEEP

49152:pPw34yFJzSdhPzD0mOd4606hU6HznqM+ac+quLfw5Pjg+FyL:+9mOd46A3wTDw5PjfoL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2900	1952	Softwarev1.24loader.exe	30
PID 1952 wrote to memory of 2900	1952	Softwarev1.24loader.exe	30
PID 1952 wrote to memory of 2900	1952	Softwarev1.24loader.exe	30

C:\Users\Admin\AppData\Local\Temp\Softwarev1.24loader.exe
"C:\Users\Admin\AppData\Local\Temp\Softwarev1.24loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1952 -s 28
  2⤵
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1952-0-0x000000013FF30000-0x00000001401E6000-memory.dmp

Filesize
2.7MB

Download