Analysis
max time kernel: 144s
max time network: 44s
platform: windows7_x64
resource: win7-20220414-en
submitted: 08-05-2022 19:29
Static task: static1
Behavioral task: behavioral1
  Sample: mo908000800j865.exe
  Resource: win7-20220414-en
  0 signatures
  0 seconds
Behavioral task: behavioral2
  Sample: mo908000800j865.exe
  Resource: win10v2004-20220414-en
  0 signatures
  0 seconds
General
Target: mo908000800j865.exe
Size: 577KB
MD5: dfd4dde62f8d8746edc2b7f450259181
SHA1: 50a0f7a1fa3e7bcd4ded00ae20e35e585d9f7867
SHA256: deb96dddc557e467d8e3ac9bf5ee8fc167f74461d84e823925c0f8c7b33422e7
SHA512: 15646b34619848f38e19959b3dff3c3448eda137e527f58f22babfcf304154831f72626890b955f6ca5934efa78f8d0ee83137ad0cd66e60b9c1c17149162a33
Score: 1/10
Malware Config
Signatures
Suspicious behavior: MapViewOfSection (11 IoCs)
Processes:
pid   process
1108  mo908000800j865.exe
908   mo908000800j865.exe
1760  mo908000800j865.exe
1176  mo908000800j865.exe
1176  mo908000800j865.exe
2012  mo908000800j865.exe
1812  mo908000800j865.exe
580   mo908000800j865.exe
1156  mo908000800j865.exe
2036  mo908000800j865.exe
1536  mo908000800j865.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 1⤵ PID:1108
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 2⤵ PID:912
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 2⤵ PID:908
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 3⤵ PID:1352
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 3⤵ PID:1760
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 4⤵ PID:852
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 4⤵ PID:1176
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 5⤵ PID:1076
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 5⤵ PID:2012
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 6⤵ PID:1996
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 6⤵ PID:1812
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 7⤵ PID:1124
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 7⤵ PID:580
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 8⤵ PID:1712
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 8⤵ PID:1156
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 9⤵ PID:300
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 9⤵ PID:2036
  - Suspicious behavior: MapViewOfSection
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 10⤵ PID:1556
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 10⤵ PID:1536
  - Suspicious behavior: MapViewOfSection
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" 11⤵ PID:1488
C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe "C:\Users\Admin\AppData\Local\Temp\mo908000800j865.exe" 11⤵ PID:1152