Analysis
-
max time kernel
12s -
max time network
0s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
05-12-2021 07:50
General
-
Target
f616975d69da372f403d58ba955dc510.exe
-
Size
4.6MB
-
MD5
f616975d69da372f403d58ba955dc510
-
SHA1
e22fcb3ec811cba8d74d4f897d495f21e8c88224
-
SHA256
65f47cd450bd96cba40e838cb0355638a1d43b3ac51d3d6e97a469d5425a7874
-
SHA512
2be545ed1a330f76ff21e3f8406b4982b86a432065264fd88008ab762bf2fafb0f892cbee2b395cdd62c6be98ce02868223331bf1f3e9402cde6f366ca8c49e5
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f616975d69da372f403d58ba955dc510.exe"C:\Users\Admin\AppData\Local\Temp\f616975d69da372f403d58ba955dc510.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -ep bypass & 'C:\Users\Admin\AppData\Local\Temp\\ready.ps1'2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1800-61-0x0000000000000000-mapping.dmp
-
memory/1800-62-0x000007FEFB831000-0x000007FEFB833000-memory.dmpFilesize
8KB
-
memory/2040-55-0x00000000413D0000-0x000000004169E000-memory.dmpFilesize
2.8MB
-
memory/2040-58-0x0000000028634000-0x0000000028636000-memory.dmpFilesize
8KB
-
memory/2040-57-0x0000000028632000-0x0000000028634000-memory.dmpFilesize
8KB
-
memory/2040-59-0x0000000028636000-0x0000000028637000-memory.dmpFilesize
4KB
-
memory/2040-60-0x0000000028637000-0x0000000028638000-memory.dmpFilesize
4KB