0a7602edc5309eb0683609f1e54bc11052e046b2b3f61f64397526fa935d7c6d | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14/03/2025, 09:50

Sharing

Report Analysis Logs

General

Target

9JFiKVm.exe
Size

479KB
MD5

25f00b7c2ff3ae44d849863c1e47b096
SHA1

90203d582817c0b1e0778e53ab8ef63c2505d912
SHA256

0a7602edc5309eb0683609f1e54bc11052e046b2b3f61f64397526fa935d7c6d
SHA512

144af31085439aabccd2502e3999de5952e58b708ccc9b8254381caf74130bec801f67a55c06614814a311b3093cdc88ebddc63508557b2157c0b15f88f23a15
SSDEEP

12288:7AJ0SiRi56OkEAmD5ZPfrzp+5ifMNVbVciqzSsEO:U0S496z8o6bciPst

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 1748	844	9JFiKVm.exe	31
PID 844 wrote to memory of 1748	844	9JFiKVm.exe	31
PID 844 wrote to memory of 1748	844	9JFiKVm.exe	31

C:\Users\Admin\AppData\Local\Temp\9JFiKVm.exe
"C:\Users\Admin\AppData\Local\Temp\9JFiKVm.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 844 -s 36
  2⤵
  PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads