a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87 | Triage

Resubmissions

13-01-2025 21:25

250113-z9z3esxras 10

13-01-2025 21:22

250113-z8cwhazqbp 10

Analysis

max time kernel
74s
max time network
17s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13-01-2025 21:25

Sharing

Report Analysis Logs

General

Target

bl.exe
Size

1.6MB
MD5

fa3d03c319a7597712eeff1338dabf92
SHA1

f055ba8a644f68989edc21357c0b17fdf0ead77f
SHA256

a08db4c7b7bacc2bacd1e9a0ac7fbb91306bf83c279582f5ac3570a90e8b0f87
SHA512

80226bb11d56e4dc2dbc4fc6aade47db4ca4c539b25ee70b81465e984df0287d5efcadb6ec8bfc418228c61bd164447d62c4444030d31655aaeed342e2507ea1
SSDEEP

24576:ZMN6PENnBBQXf1UCyfGH32hEFS3qWcI6baD8U2ZuLCk4EB:ZM15BBwKjEF3M2A1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 792	2524	bl.exe	31
PID 2524 wrote to memory of 792	2524	bl.exe	31
PID 2524 wrote to memory of 792	2524	bl.exe	31

C:\Users\Admin\AppData\Local\Temp\bl.exe
"C:\Users\Admin\AppData\Local\Temp\bl.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2524 -s 152
  2⤵
  PID:792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads