Analysis
-
max time kernel
148s -
max time network
40s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
02-05-2022 11:34
General
-
Target
0908000009h090000.exe
-
Size
577KB
-
MD5
40f119bd23e3dfe95c416a839da87142
-
SHA1
164cca839ad92c95b3ccbf75873c8d590ff29c89
-
SHA256
6fa65eef03e50dbaba9ba7729d7d5f4a24d9302c028ec1640db45d47096ab29d
-
SHA512
57b30e1242d22c4445b28762fa0e14577169d1e6863a989f0cea6a6affe01800ca9c0e6820ee0818bddd8cc4de58754986927be8d06badd7187069c0eafe33b1
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: MapViewOfSection 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"2⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"3⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"3⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"4⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"4⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"5⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"5⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"6⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"7⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"8⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"8⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"9⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"9⤵
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"10⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"10⤵
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"11⤵
-
C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"C:\Users\Admin\AppData\Local\Temp\0908000009h090000.exe"11⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/308-85-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/308-83-0x0000000000000000-mapping.dmp
-
memory/560-71-0x0000000000000000-mapping.dmp
-
memory/560-73-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/656-76-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/656-74-0x0000000000000000-mapping.dmp
-
memory/1108-62-0x0000000000000000-mapping.dmp
-
memory/1108-64-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/1152-68-0x0000000000000000-mapping.dmp
-
memory/1152-70-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/1352-56-0x0000000000000000-mapping.dmp
-
memory/1352-58-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/1632-59-0x0000000000000000-mapping.dmp
-
memory/1632-61-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/1636-80-0x0000000000000000-mapping.dmp
-
memory/1636-82-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/1716-77-0x0000000000000000-mapping.dmp
-
memory/1716-79-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/1756-65-0x0000000000000000-mapping.dmp
-
memory/1756-67-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB
-
memory/1972-54-0x0000000075F21000-0x0000000075F23000-memory.dmpFilesize
8KB
-
memory/1972-55-0x00000000001A0000-0x00000000001C9000-memory.dmpFilesize
164KB