76a65ecfc54d6ef74020e0b9ab497a3abf7e1709c40cc071535cd4bae3c82783 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
24-10-2024 07:55

Sharing

Report Analysis Logs

General

Target

TestAV-bypass.exe
Size

154KB
MD5

e98e435fc0f27599b8551e898f3a5362
SHA1

6e9c45a511a06fddf48f82deb5c91b827bc167e0
SHA256

43e93d34858262178e0527ca75523f838f4d9f28d146fdbf4581161a88ce0ab1
SHA512

4b147b4bf925cb9c7b07a8a3db7a5ea0440cf9b52286a038ee31b3df4a0e9716b321be928a84359845c74c150544c9cc83914a4c57699dbec81914e65919ad74
SSDEEP

3072:h90aNRsKMFIZFSsfxX3/Fi8ruSEfxX3/Fi8ruSSr/:hSs5fFXNE5fFXNO

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

TestAV-bypass.exe

description	pid	Process	procid_target
PID 2492 wrote to memory of 2284	2492	TestAV-bypass.exe	32
PID 2492 wrote to memory of 2284	2492	TestAV-bypass.exe	32
PID 2492 wrote to memory of 2284	2492	TestAV-bypass.exe	32

C:\Users\Admin\AppData\Local\Temp\TestAV-bypass.exe
"C:\Users\Admin\AppData\Local\Temp\TestAV-bypass.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2492 -s 204
  2⤵
  PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads