dbd9cfa3d9b4e482ee79e7726e95168a5e27bb0482a0e4744a1e1c56d75f1c32 | Triage

Analysis

max time kernel
152s
max time network
127s
platform
windows10_x64
resource
win10-en-20211104
submitted
09/11/2021, 10:44

Sharing

Report Analysis Logs

General

Target

ebook.exe.org.exe
Size

28.2MB
MD5

07f79b595254bd60ccec7561e858de35
SHA1

6199b33c52351cdc5d6cd1b61bb9f3602c9eb799
SHA256

dbd9cfa3d9b4e482ee79e7726e95168a5e27bb0482a0e4744a1e1c56d75f1c32
SHA512

6ca0a66adebe69b10e2c79f75441f264e8481d481731ba3bde0ee522f64761558fc74739a1a43b411708d0c6169a92167febd490a0cd96693236de29fc37362b

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3976	ebook.exe.org.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3976	3024	ebook.exe.org.exe	69
PID 3024 wrote to memory of 3976	3024	ebook.exe.org.exe	69
PID 3024 wrote to memory of 3976	3024	ebook.exe.org.exe	69

C:\Users\Admin\AppData\Local\Temp\ebook.exe.org.exe
"C:\Users\Admin\AppData\Local\Temp\ebook.exe.org.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\is-SQV10.tmp\ebook.exe.org.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SQV10.tmp\ebook.exe.org.tmp" /SL5="$30116,28982256,486912,C:\Users\Admin\AppData\Local\Temp\ebook.exe.org.exe"
  2⤵
  - Executes dropped EXE
  PID:3976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3024-122-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3976-123-0x00000000006D0000-0x000000000081A000-memory.dmp

Filesize
1.3MB

Download