a16651c9afd3eda3a5f29c9be9d57c739bc8bb96b982761163e61b1bfd36d1ae | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 22:11 UTC

Sharing

Report Analysis Logs

General

Target

Setup.exe
Size

1.7MB
MD5

f1bca393ebf7d5de3fc6b0f3b2531a45
SHA1

e6323fcf662fd477bb3145021495380d1f88d36f
SHA256

c4722166ddccf45c4b8760f61326ab4c34c9fe5a4ae23b8c34195b728d19bac3
SHA512

7aab0d2b4cd5608c5caaa8fefdbc39283722b05be9e7e8f0e05e8fbfdcf003d1a2ba0a3dd3afba21e7ad167a2ebbb0603db06d71b74f1dea769cf56082620280
SSDEEP

49152:bK+/T/rL4gdI+QOoAhKgrqAwHsnxFP18:RQuLF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 1752	2560	Setup.exe	30
PID 2560 wrote to memory of 1752	2560	Setup.exe	30
PID 2560 wrote to memory of 1752	2560	Setup.exe	30

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2560 -s 28
  2⤵
  PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2560-0-0x000000013F580000-0x000000013F736000-memory.dmp

Filesize
1.7MB

Download