dd2cbeda09bb4e9bdc32df15f5ed8cf090eb7c6aea30f67c471ec777b13d871d | Triage

Analysis

max time kernel
13s
max time network
151s
platform
windows10_x64
resource
win10v20210408
submitted
26-07-2021 09:33

Sharing

Report Analysis Logs

General

Target

setup.exe
Size

118KB
MD5

49b3d2077199c44c1f3bbb16b4094ae6
SHA1

469ccf79a49d3e8d2609f7d54e1ae3dd73e10ee2
SHA256

9f592ba27a79b32d11fafa59facbbebdc9902410e37e2eafa22e677fc33f47e6
SHA512

5225695e14bccff106d903a5fee6c33f27460c2159e822eb246d244e43890b2a22c8463f9334e1c1158b97ccf5410c5c7f7a7c31a544e9f28e3eee5e7a0861f0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

setup.exe

description	pid	process	target process
PID 4060 wrote to memory of 2356	4060	setup.exe	setup.exe
PID 4060 wrote to memory of 2356	4060	setup.exe	setup.exe
PID 4060 wrote to memory of 2356	4060	setup.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4060

C:\Users\Admin\AppData\Local\Temp\setup.exe
C:\Users\Admin\AppData\Local\Temp\setup.exe -deleter
2⤵
PID:2356

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2356-114-0x0000000000000000-mapping.dmp

Download