c3cad582268b165711e2f2b1834891c7bcb5e57a7efb1e709e3df19d011ad656 | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-en-20211208
submitted
15-01-2022 09:54

Sharing

Report Analysis Logs

General

Target

24.exe
Size

7.0MB
MD5

ae6510d9815c44a818f722ecae6844b8
SHA1

2a34b5110f5c3c2424ae9685f57261e2546bd963
SHA256

c3cad582268b165711e2f2b1834891c7bcb5e57a7efb1e709e3df19d011ad656
SHA512

8caa9e661403d5d86f69e7c35e45cdf927ef9ec0c6045ed2ca5af2eaaf26b4f99291eadaf2f0c8c00a31b05b228c6df0c4bd205a7b3ec70e263313a08ffef4f8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1732	24.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 1732	1532	24.exe	27
PID 1532 wrote to memory of 1732	1532	24.exe	27
PID 1532 wrote to memory of 1732	1532	24.exe	27

C:\Users\Admin\AppData\Local\Temp\24.exe
"C:\Users\Admin\AppData\Local\Temp\24.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Users\Admin\AppData\Local\Temp\24.exe
  "C:\Users\Admin\AppData\Local\Temp\24.exe"
  2⤵
  - Loads dropped DLL
  PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1532-55-0x000007FEFC371000-0x000007FEFC373000-memory.dmp

Filesize
8KB

Download