45b9e820b3ab997c498a28d59601b1b72fbbf3b9415f8c75843ff24c2b250193 | Triage

Analysis

max time kernel
120s
max time network
141s
platform
windows7_x64
resource
win7-en-20210920
submitted
04-11-2021 14:37

Sharing

Report Analysis Logs

General

Target

177f3023ad736fa45c52b45259175e70.exe
Size

13KB
MD5

177f3023ad736fa45c52b45259175e70
SHA1

16c21613b0f30933dcc206cc9562cb95c28452c8
SHA256

45b9e820b3ab997c498a28d59601b1b72fbbf3b9415f8c75843ff24c2b250193
SHA512

1c38fb30f6a0eb7652fbc0dd4dc53ee01e9c3780196f9b243c50eabcec0914f51a6ad6e67156d53dc5a21014575adba4d26c61e3b2d08b71f9f80f8c0abc7dbd

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

Processes:

177f3023ad736fa45c52b45259175e70.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	177f3023ad736fa45c52b45259175e70.exe
File opened for modification	C:\Windows\Tasks\wow64.job	177f3023ad736fa45c52b45259175e70.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1480 wrote to memory of 1124	1480	taskeng.exe	177f3023ad736fa45c52b45259175e70.exe
PID 1480 wrote to memory of 1124	1480	taskeng.exe	177f3023ad736fa45c52b45259175e70.exe
PID 1480 wrote to memory of 1124	1480	taskeng.exe	177f3023ad736fa45c52b45259175e70.exe
PID 1480 wrote to memory of 1124	1480	taskeng.exe	177f3023ad736fa45c52b45259175e70.exe

C:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exe
"C:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exe"
1⤵
- Drops file in Windows directory
PID:524

C:\Windows\system32\taskeng.exe
taskeng.exe {3F35D756-950B-4414-995D-416873EB5A38} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exe
  C:\Users\Admin\AppData\Local\Temp\177f3023ad736fa45c52b45259175e70.exe start
  2⤵
  PID:1124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-54-0x00000000751D1000-0x00000000751D3000-memory.dmp

Filesize
8KB

Download
memory/1124-55-0x0000000000000000-mapping.dmp

Download