b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3 | Triage

Resubmissions

26-09-2021 18:20

210926-wy5a8afcb6 1

23-09-2021 06:40

210923-hfbpashggp 1

Analysis

max time kernel
79s
max time network
26s
platform
windows7_x64
resource
win7-en-20210920
submitted
26-09-2021 18:20

Sharing

Report Analysis Logs

General

Target

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
Size

3.0MB
MD5

1a8febc7108262de67874fd2884d25e5
SHA1

f4d630f3e2058271ea308b3aaf050cb0bb5f3712
SHA256

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3
SHA512

588224705d68dfb60bd85a8cefd2228c0d3bd1e3dab02e4a3a05b72d2ba0fe205ef95168930becf5cae659c2f5b5e5a1db7cb32cdea73e80b231f2a5419e99a9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe

description	pid	process	target process
PID 2032 wrote to memory of 2024	2032	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2032 wrote to memory of 2024	2032	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2032 wrote to memory of 2024	2032	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2032 wrote to memory of 2024	2032	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2032 wrote to memory of 2024	2032	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2032 wrote to memory of 2024	2032	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 2032 wrote to memory of 2024	2032	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
"C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:2024

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-53-0x00000000000A0000-0x00000000000AB000-memory.dmp

Filesize
44KB

Download
memory/2024-54-0x0000000000000000-mapping.dmp

Download
memory/2024-55-0x00000000759B1000-0x00000000759B3000-memory.dmp

Filesize
8KB

Download