b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3 | Triage

Resubmissions

26-09-2021 18:20

210926-wy5a8afcb6 1

23-09-2021 06:40

210923-hfbpashggp 1

Analysis

max time kernel
123s
max time network
109s
platform
windows7_x64
resource
win7v20210408
submitted
23-09-2021 06:40

Sharing

Report Analysis Logs

General

Target

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
Size

3.0MB
MD5

1a8febc7108262de67874fd2884d25e5
SHA1

f4d630f3e2058271ea308b3aaf050cb0bb5f3712
SHA256

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3
SHA512

588224705d68dfb60bd85a8cefd2228c0d3bd1e3dab02e4a3a05b72d2ba0fe205ef95168930becf5cae659c2f5b5e5a1db7cb32cdea73e80b231f2a5419e99a9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe

description	pid	process	target process
PID 1100 wrote to memory of 1168	1100	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 1100 wrote to memory of 1168	1100	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 1100 wrote to memory of 1168	1100	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 1100 wrote to memory of 1168	1100	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 1100 wrote to memory of 1168	1100	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 1100 wrote to memory of 1168	1100	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 1100 wrote to memory of 1168	1100	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
"C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:1168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1168-60-0x0000000000060000-0x000000000006B000-memory.dmp

Filesize
44KB

Download
memory/1168-61-0x0000000000000000-mapping.dmp

Download
memory/1168-62-0x0000000075AF1000-0x0000000075AF3000-memory.dmp

Filesize
8KB

Download