689d84d60434a515987bdd4f4f0d0bc33621d62ed47339bb6273f65258d92c55 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 02:43

Sharing

Report Analysis Logs

General

Target

PO202501F.exe
Size

713KB
MD5

5006219231a8cb74552d0ad9c1b02ae9
SHA1

1b54149f1d9c54d370c37fc00ad2e28642059c74
SHA256

72fa904d41cfc7c04d3c095e84449aecb989cc98b1d008b3ce9b51717173b053
SHA512

3a71ab78c5ad20325752a4e25267ba086e845cbbdd0452c138a9ac2367f7f5c181d9d1e2019307b4687a170b5ca212559ebe06c44fa43289ba8cdcfaef6a8a0d
SSDEEP

12288:IPHkO6/ceaCdAA3w9zyaZyKgrwoyIgXCYAMA7Q:IPHkOXgAj9zVZgZDd7Q

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2164	2436	PO202501F.exe	32
PID 2436 wrote to memory of 2164	2436	PO202501F.exe	32
PID 2436 wrote to memory of 2164	2436	PO202501F.exe	32
PID 2436 wrote to memory of 2164	2436	PO202501F.exe	32
PID 2436 wrote to memory of 2708	2436	PO202501F.exe	33
PID 2436 wrote to memory of 2708	2436	PO202501F.exe	33
PID 2436 wrote to memory of 2708	2436	PO202501F.exe	33

C:\Users\Admin\AppData\Local\Temp\PO202501F.exe
"C:\Users\Admin\AppData\Local\Temp\PO202501F.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
  2⤵
  PID:2164
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2436 -s 16
  2⤵
  PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads