20b87e7045c85e80fb7d7815a2d52ed3ad0980e9399ea50ba4bbb5d38d35bc55 | Triage

Analysis

max time kernel
596s
max time network
597s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 21:41

Sharing

Report Analysis Logs

General

Target

876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe
Size

13KB
MD5

af1a1fa898e3e42bea3e05809be20882
SHA1

79b65ae9d0908e52e0b3888e34a01b9bed50ec4b
SHA256

876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a
SHA512

73ee9d44465f497adb74f52348d41f5dace937f5689a67eb4dc07e9813149c393b2802b5327cb0b92c9c21310cab3b0f9b699092dfe31928b4cf70ff316bf4bd

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

Processes:

876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe
File opened for modification	C:\Windows\Tasks\wow64.job	876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 320 wrote to memory of 472	320	taskeng.exe	876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe
PID 320 wrote to memory of 472	320	taskeng.exe	876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe
PID 320 wrote to memory of 472	320	taskeng.exe	876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe
PID 320 wrote to memory of 472	320	taskeng.exe	876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe

C:\Users\Admin\AppData\Local\Temp\876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe
"C:\Users\Admin\AppData\Local\Temp\876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe"
1⤵
- Drops file in Windows directory
PID:800

C:\Windows\system32\taskeng.exe
taskeng.exe {5439EFA1-5F3E-4748-AB1C-00505E7A3557} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:320

C:\Users\Admin\AppData\Local\Temp\876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe
C:\Users\Admin\AppData\Local\Temp\876c2b332d0534704447ab5f04d0eb20ff1c150fd60993ec70812c2c2cad3e6a.exe start
2⤵
PID:472

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/800-54-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/1492-56-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

Filesize
8KB

Download