9006378885c4a84699ad0f90dbe7579969e3a1b41f6fd334c4e440d30a15d063 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 14:09

Sharing

Report Analysis Logs

General

Target

Oldsetup.exe
Size

2.6MB
MD5

98e56fc6276f5ea11ed37de5b40116d3
SHA1

882fd2c385eeaffec3881b3262de638ff912f276
SHA256

9006378885c4a84699ad0f90dbe7579969e3a1b41f6fd334c4e440d30a15d063
SHA512

978c3f3e5e866db2cc59a3474a6b75291b3eba44d445887c2afd50218dce776a650822eb67118481e62411b02102c7e49a1dc99db507d4cca59d0253b5b1a19b
SSDEEP

49152:HZPf0tL9d77T+WScpPNBqB0+iZjS9fQzm4qU0Hy+GtGHkyMaRV/EfZ8yd:EVScpPN3OHmUQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2480	2120	Oldsetup.exe	31
PID 2120 wrote to memory of 2480	2120	Oldsetup.exe	31
PID 2120 wrote to memory of 2480	2120	Oldsetup.exe	31

C:\Users\Admin\AppData\Local\Temp\Oldsetup.exe
"C:\Users\Admin\AppData\Local\Temp\Oldsetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2120 -s 28
  2⤵
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2120-0-0x000000013F4C0000-0x000000013F766000-memory.dmp

Filesize
2.6MB

Download