2e0ccd8d3ca72b4322294b5b3fbead5d454da524b1fe87bd5687ef00481f7bfe | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 13:16

Sharing

Report Analysis Logs

General

Target

App_installer32_64x.exe
Size

2.4MB
MD5

2552cda61ecc9cffc215808b8310d697
SHA1

bd3c5bfb31cd257606563a44dec61a23b3e2e6e8
SHA256

2e0ccd8d3ca72b4322294b5b3fbead5d454da524b1fe87bd5687ef00481f7bfe
SHA512

dd42dad49c28c3040a1534c88e6ecc5812b9488b2ef59377921ea74db1bb0d258392830f94281a78427b978ed4dc26a1eb2868eabb8b703e9a38533ca84dba31
SSDEEP

49152:pVUJTk3/vizpr2Tv7CJDLeD8O3Rg2JVLe2NKrCAnWwey5:dZ7CJDL4adnzey5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2996	2984	App_installer32_64x.exe	30
PID 2984 wrote to memory of 2996	2984	App_installer32_64x.exe	30
PID 2984 wrote to memory of 2996	2984	App_installer32_64x.exe	30

C:\Users\Admin\AppData\Local\Temp\App_installer32_64x.exe
"C:\Users\Admin\AppData\Local\Temp\App_installer32_64x.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2984 -s 28
  2⤵
  PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2984-0-0x000000013FAE0000-0x000000013FD57000-memory.dmp

Filesize
2.5MB

Download