b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3 | Triage

Resubmissions

26-09-2021 18:20

210926-wy5a8afcb6 1

23-09-2021 06:40

210923-hfbpashggp 1

Analysis

max time kernel
144s
max time network
147s
platform
windows10_x64
resource
win10-en-20210920
submitted
23-09-2021 06:40

Sharing

Report Analysis Logs

General

Target

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
Size

3.0MB
MD5

1a8febc7108262de67874fd2884d25e5
SHA1

f4d630f3e2058271ea308b3aaf050cb0bb5f3712
SHA256

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3
SHA512

588224705d68dfb60bd85a8cefd2228c0d3bd1e3dab02e4a3a05b72d2ba0fe205ef95168930becf5cae659c2f5b5e5a1db7cb32cdea73e80b231f2a5419e99a9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe

description	pid	process	target process
PID 2372 wrote to memory of 2656	2372	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2372 wrote to memory of 2656	2372	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2372 wrote to memory of 2656	2372	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2372 wrote to memory of 2656	2372	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2372 wrote to memory of 2656	2372	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2372 wrote to memory of 2656	2372	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
"C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2656-115-0x0000000000D50000-0x0000000000D5B000-memory.dmp

Filesize
44KB

Download
memory/2656-116-0x0000000000000000-mapping.dmp

Download