b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3 | Triage

Resubmissions

26-09-2021 18:20

210926-wy5a8afcb6 1

23-09-2021 06:40

210923-hfbpashggp 1

Analysis

max time kernel
103s
max time network
106s
platform
windows10_x64
resource
win10v20210408
submitted
26-09-2021 18:20

Sharing

Report Analysis Logs

General

Target

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
Size

3.0MB
MD5

1a8febc7108262de67874fd2884d25e5
SHA1

f4d630f3e2058271ea308b3aaf050cb0bb5f3712
SHA256

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3
SHA512

588224705d68dfb60bd85a8cefd2228c0d3bd1e3dab02e4a3a05b72d2ba0fe205ef95168930becf5cae659c2f5b5e5a1db7cb32cdea73e80b231f2a5419e99a9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe

description	pid	process	target process
PID 568 wrote to memory of 628	568	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 568 wrote to memory of 628	568	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 568 wrote to memory of 628	568	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 568 wrote to memory of 628	568	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 568 wrote to memory of 628	568	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe
PID 568 wrote to memory of 628	568	b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe
"C:\Users\Admin\AppData\Local\Temp\b89ab9559b9f53fa5cd8ca76918902e1be2c3b749d755566ca784ea7ffa48fc3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:568
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  PID:628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/628-114-0x00000000021B0000-0x00000000021BB000-memory.dmp

Filesize
44KB

Download
memory/628-115-0x0000000000000000-mapping.dmp

Download