314d4706e5b1da6f9fd59facdc83489988fcea8b765b795c25da7d707261169f | Triage

Analysis

max time kernel
123s
max time network
126s
platform
windows7_x64
resource
win7
submitted
25-10-2020 18:06

Sharing

Report Analysis Logs

General

Target

ConsoleApplication7A.exe
Size

549KB
MD5

66124295d5c18436d1c6ed9b2f791a7a
SHA1

e4225f86558b028c4a5caa8d9b9510f3c779eb26
SHA256

314d4706e5b1da6f9fd59facdc83489988fcea8b765b795c25da7d707261169f
SHA512

88ad5c6098143619740be2b87bbb8fd67c1a6c2676b83bc2bb96e1d0a25a9a9bc52334136bea5c170bbecf49f2fb69c54c25eeb7b9a766b08b930fa442b190e5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ConsoleApplication7A.exe

description	pid	process	target process
PID 1328 wrote to memory of 1500	1328	ConsoleApplication7A.exe	cmd.exe
PID 1328 wrote to memory of 1500	1328	ConsoleApplication7A.exe	cmd.exe
PID 1328 wrote to memory of 1500	1328	ConsoleApplication7A.exe	cmd.exe
PID 1328 wrote to memory of 1500	1328	ConsoleApplication7A.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\ConsoleApplication7A.exe
"C:\Users\Admin\AppData\Local\Temp\ConsoleApplication7A.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1328

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c vol C:
2⤵
PID:1500

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1500-0-0x0000000000000000-mapping.dmp

Download