9f8a44f4f56b260c135061d2455eb97e1cf9d27248733b70168f488da51a82af | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 02:13

Sharing

Report Analysis Logs

General

Target

Cryptic.exe
Size

10KB
MD5

6c928d5ca6574b87f078aebe93c6f370
SHA1

ea21859803dd31a1f4c2aa4b32b525c078934a34
SHA256

9f8a44f4f56b260c135061d2455eb97e1cf9d27248733b70168f488da51a82af
SHA512

3da5d78d5789558a0fd0c8070c124d7d028fe4f97b79614e46c5330a39d5bf056e9419faecd64f6d0b60dc8061df09b2450d29652c96d29afe5bd1cbe0e0a9f9
SSDEEP

192:zt7nb5dq5YHFtmCd6piPJe2hAWJ6py2bceJDB4mfZ1VT92hS:ztT1Ftmm6T2a6OyUdHZ1Vp2h

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2020	2772	Cryptic.exe	31
PID 2772 wrote to memory of 2020	2772	Cryptic.exe	31
PID 2772 wrote to memory of 2020	2772	Cryptic.exe	31

C:\Users\Admin\AppData\Local\Temp\Cryptic.exe
"C:\Users\Admin\AppData\Local\Temp\Cryptic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2772 -s 732
  2⤵
  PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-0-0x000007FEF5573000-0x000007FEF5574000-memory.dmp

Filesize
4KB

Download
memory/2772-1-0x000000013F480000-0x000000013F486000-memory.dmp

Filesize
24KB

Download
memory/2772-2-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2772-29-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download