c4722166ddccf45c4b8760f61326ab4c34c9fe5a4ae23b8c34195b728d19bac3 | Triage

Resubmissions

04-10-2024 11:26

241004-nj8fbs1eqk 10

04-10-2024 11:12

241004-na2lesvdra 10

Analysis

max time kernel
42s
max time network
25s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 11:12

Sharing

Report Analysis Logs

General

Target

Setup.exe
Size

1.7MB
MD5

f1bca393ebf7d5de3fc6b0f3b2531a45
SHA1

e6323fcf662fd477bb3145021495380d1f88d36f
SHA256

c4722166ddccf45c4b8760f61326ab4c34c9fe5a4ae23b8c34195b728d19bac3
SHA512

7aab0d2b4cd5608c5caaa8fefdbc39283722b05be9e7e8f0e05e8fbfdcf003d1a2ba0a3dd3afba21e7ad167a2ebbb0603db06d71b74f1dea769cf56082620280
SSDEEP

49152:bK+/T/rL4gdI+QOoAhKgrqAwHsnxFP18:RQuLF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1508	1668	Setup.exe	31
PID 1668 wrote to memory of 1508	1668	Setup.exe	31
PID 1668 wrote to memory of 1508	1668	Setup.exe	31

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1668 -s 28
  2⤵
  PID:1508

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-0-0x000000013F5B0000-0x000000013F766000-memory.dmp

Filesize
1.7MB

Download