267e274b75ba1c49847eb93d95be90b6382768926e9c3674d115c21c3cc6f2c4 | Triage

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 20:57

Sharing

Report Analysis Logs

General

Target

chelentano.exe
Size

2.2MB
MD5

21506ae1a222c3862c04d187b07ed714
SHA1

c70d79f32b962bf2e7e7901034aaedd8f2e71e35
SHA256

267e274b75ba1c49847eb93d95be90b6382768926e9c3674d115c21c3cc6f2c4
SHA512

351b4739f56820e271887d953ce1fdf68e19c11e84db9325e6f03866c0fc0ec1f6072db03a4013aa914f21990367fc207bfa0f9c41452553d5960881046a034f
SSDEEP

49152:NY4nch8Bu3BR8XlV10RyTXNFMnBOim8MspczpfEUL:G8VBuRR8X3iRg8kzJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

chelentano.exe

description	pid	process	target process
PID 2824 wrote to memory of 2628	2824	chelentano.exe	WerFault.exe
PID 2824 wrote to memory of 2628	2824	chelentano.exe	WerFault.exe
PID 2824 wrote to memory of 2628	2824	chelentano.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\chelentano.exe
"C:\Users\Admin\AppData\Local\Temp\chelentano.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2824 -s 44
  2⤵
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads