d9029d87aae61f32f6ea1f9bace4b63671b89d07ff8173e376d4054078c19669 | Triage

Resubmissions

01-01-2025 20:08

250101-yw3eystrcl 8

01-01-2025 20:04

250101-ytbt8a1qe1 8

01-01-2025 20:01

250101-yrhvra1pgx 8

01-01-2025 14:10

250101-rgpf8axnaw 10

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 20:08

Sharing

Report Analysis Logs

General

Target

WinUpdateHelper.exe
Size

91KB
MD5

a1ba93a916b3078e8b640807c07ce1e7
SHA1

01f88dccdb8d44d2b0a160ce038ff970aa799aeb
SHA256

4135754b26dfac10cd19dcf6e03677b537244cf69fdce9c4138589e59449b443
SHA512

3c62713d2e83144e82c644a752b77ddac4652542b11416eea8289209dfa783aac54ae347ec80d55260a11f10c7829a91021e55d05af04f2404a0f19354b91431
SSDEEP

1536:OQT/HMdHIt5VhTRTewBeEyKsqFSSWWpBHER30:VLFtTRRTenD2rA30

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2836	2620	WinUpdateHelper.exe	31
PID 2620 wrote to memory of 2836	2620	WinUpdateHelper.exe	31
PID 2620 wrote to memory of 2836	2620	WinUpdateHelper.exe	31

C:\Users\Admin\AppData\Local\Temp\WinUpdateHelper.exe
"C:\Users\Admin\AppData\Local\Temp\WinUpdateHelper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2620 -s 516
  2⤵
  PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2620-0-0x000007FEF6473000-0x000007FEF6474000-memory.dmp

Filesize
4KB

Download
memory/2620-1-0x000000013F3C0000-0x000000013F3DA000-memory.dmp

Filesize
104KB

Download
memory/2620-2-0x000000001BA30000-0x000000001C455000-memory.dmp

Filesize
10.1MB

Download