Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    27/01/2025, 20:52

General

  • Target

    PowerVerse.exe

  • Size

    28KB

  • MD5

    49b731e84a38056294fd0e483fc99b85

  • SHA1

    b2c94378d4416a505eb88f5174a8dc01a7ffc548

  • SHA256

    eda36519020d4c8bd126a8186aefc15afb84b08a709aee69a95c2753641ca646

  • SHA512

    ca036dc10e0dd23b941fcc4efc1a27053f051697a889b1429e4c476ea990ab29dc6ba4bb317c822a0273459aca63092a8bfbc9d3f97b6de44175d096e7066dc0

  • SSDEEP

    768:bEH4HId1sPYRquXM41v1UbpCPrUgm3HtJ:bEH4FPnGIMPgX3P

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PowerVerse.exe
    "C:\Users\Admin\AppData\Local\Temp\PowerVerse.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 976 -s 532
      2⤵
        PID:2228

    Network

          MITRE ATT&CK Matrix

          Downloads

          • memory/976-0-0x000007FEF5FD3000-0x000007FEF5FD4000-memory.dmp

            Filesize

            4KB

          • memory/976-1-0x0000000000330000-0x000000000033E000-memory.dmp

            Filesize

            56KB