5ce7687d00cc5cdc0b7575bc68940f7a092a1f559f987f3b6a9b0c837eaa6496 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 11:23

Sharing

Report Analysis Logs

General

Target

crypted.exe
Size

1.7MB
MD5

175c9b6b2db3b3624f7df4c54dff3262
SHA1

a96c038467d2d6ff0b95275a828948997b6987a3
SHA256

5ce7687d00cc5cdc0b7575bc68940f7a092a1f559f987f3b6a9b0c837eaa6496
SHA512

3d728ce053930f16c8debc087807b3eaadef3c9b21a452b49f13ce767b35b221e71b15db8c849fe71c7d0077d2c0ab31506762626622f87347c596260cddff34
SSDEEP

24576:2iB4QbCAnGZPk/jhW2DQQ3iF2K8+2ntZ8oWyOpZwrlUR:2iB490ykrlUR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2524	2456	crypted.exe	31
PID 2456 wrote to memory of 2524	2456	crypted.exe	31
PID 2456 wrote to memory of 2524	2456	crypted.exe	31

C:\Users\Admin\AppData\Local\Temp\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\crypted.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2456 -s 44
  2⤵
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads