13282c40dd66c53e866c60202f428781cf9562bb0f02e30027ebb7fb41efb5b8 | Triage

Analysis

max time kernel
35s
max time network
89s
platform
windows7_x64
resource
win7v20210408
submitted
23-05-2021 18:02

Sharing

Report Analysis Logs

General

Target

331317B4CAE70B90441E0A2C8FB2E6C6.exe
Size

380KB
MD5

331317b4cae70b90441e0a2c8fb2e6c6
SHA1

a69df46202eb2497bad5c4ddc39e0e83efb8482a
SHA256

13282c40dd66c53e866c60202f428781cf9562bb0f02e30027ebb7fb41efb5b8
SHA512

b4f890eadc675d74500e0b4ffd4964f1b73702995ab6ec685a64282b535415d8193d5e7e4535f223f3446e29b16e65447d9c6a1b2ce9f342c062a02cc9236342

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1780	331317B4CAE70B90441E0A2C8FB2E6C6.tmp

Loads dropped DLL 4 IoCs

pid	Process
332	331317B4CAE70B90441E0A2C8FB2E6C6.exe
1780	331317B4CAE70B90441E0A2C8FB2E6C6.tmp
1780	331317B4CAE70B90441E0A2C8FB2E6C6.tmp
1780	331317B4CAE70B90441E0A2C8FB2E6C6.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 1780	332	331317B4CAE70B90441E0A2C8FB2E6C6.exe	28
PID 332 wrote to memory of 1780	332	331317B4CAE70B90441E0A2C8FB2E6C6.exe	28
PID 332 wrote to memory of 1780	332	331317B4CAE70B90441E0A2C8FB2E6C6.exe	28
PID 332 wrote to memory of 1780	332	331317B4CAE70B90441E0A2C8FB2E6C6.exe	28
PID 332 wrote to memory of 1780	332	331317B4CAE70B90441E0A2C8FB2E6C6.exe	28
PID 332 wrote to memory of 1780	332	331317B4CAE70B90441E0A2C8FB2E6C6.exe	28
PID 332 wrote to memory of 1780	332	331317B4CAE70B90441E0A2C8FB2E6C6.exe	28

C:\Users\Admin\AppData\Local\Temp\331317B4CAE70B90441E0A2C8FB2E6C6.exe
"C:\Users\Admin\AppData\Local\Temp\331317B4CAE70B90441E0A2C8FB2E6C6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:332
- C:\Users\Admin\AppData\Local\Temp\is-IA40A.tmp\331317B4CAE70B90441E0A2C8FB2E6C6.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-IA40A.tmp\331317B4CAE70B90441E0A2C8FB2E6C6.tmp" /SL5="$3015A,140559,56832,C:\Users\Admin\AppData\Local\Temp\331317B4CAE70B90441E0A2C8FB2E6C6.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/332-59-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download
memory/332-60-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1780-69-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download