7f0f65f78d6fe0a0e7eb8771be51e8b3cf86a5bef749eafe8d56d99b13cdc51a | Triage

Analysis

max time kernel
138s
max time network
11s
platform
windows7_x64
resource
win7v20201028
submitted
13-01-2021 07:11

Sharing

Report Analysis Logs

General

Target

b604247ade575ac39bc1597c9bdc3164.exe
Size

898KB
MD5

b604247ade575ac39bc1597c9bdc3164
SHA1

bb678d0aabb6200092bfb60234c15d46b7b9ab55
SHA256

7f0f65f78d6fe0a0e7eb8771be51e8b3cf86a5bef749eafe8d56d99b13cdc51a
SHA512

e2ead1d0d6c7a86b9cb41a524bfb656264336adf4244fdbe6b54e340958b4aec48afae26f6b429beaa6ba0855f8d246f4f869b9a113cd5a2f536e18ed58904fe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

b604247ade575ac39bc1597c9bdc3164.exe

description	pid	process	target process
PID 1048 wrote to memory of 1584	1048	b604247ade575ac39bc1597c9bdc3164.exe	cmd.exe
PID 1048 wrote to memory of 1584	1048	b604247ade575ac39bc1597c9bdc3164.exe	cmd.exe
PID 1048 wrote to memory of 1584	1048	b604247ade575ac39bc1597c9bdc3164.exe	cmd.exe
PID 1048 wrote to memory of 1584	1048	b604247ade575ac39bc1597c9bdc3164.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\b604247ade575ac39bc1597c9bdc3164.exe
"C:\Users\Admin\AppData\Local\Temp\b604247ade575ac39bc1597c9bdc3164.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
2⤵
PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...