Analysis

max time kernel: 28s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 20-05-2022 14:00

Behavioral task: behavioral1
Sample: Tovar na vozvrat za etot mesyac.exe
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
General

Target: Tovar na vozvrat za etot mesyac.exe (transliterated Russian, "Goods to return for this month.exe")
Size: 1.1MB
MD5: b70279fc1c857dc76a50f77a46460657
SHA1: fbcabd564c13287b0a0d42026c77006f0c6e7983
SHA256: eda6bc27798b7230d63cae9225c466b67b05e788b315e4dc443c43cf1baabfca
SHA512: 424726d9175411466cb5fb0d99ecb843fb9609506b88e708c13717d5b47921485c370324b08f3f5379b6e7b2266ae30e45f49a6030ad2409446ec971ddbd761f
Score: 1/10
Malware Config
Signatures

Suspicious use of WriteProcessMemory (4 IoCs)

Processes:

description       pid   process                              target pid  target process
wrote to memory   1908  Tovar na vozvrat za etot mesyac.exe  1384        Tovar na vozvrat za etot mesyac.exe

The same event is recorded four times. Source and target run the same image: the sample (PID 1908) spawned a second copy of itself (PID 1384, started with the extra argument "dfsr" in the process tree below) and then wrote into that child's memory. That is the shape of a self-injection or process-hollowing setup, but the signature fires on any cross-process write, and the report scores the sample 1/10 with no network activity recorded and no other signatures, so the child's memory dump should be compared with the on-disk file before drawing a conclusion.
Processes

1. "C:\Users\Admin\AppData\Local\Temp\Tovar na vozvrat za etot mesyac.exe"
   (PID 1908, per the WriteProcessMemory signature above)
   - Suspicious use of WriteProcessMemory
   2. "C:\Users\Admin\AppData\Local\Temp\Tovar na vozvrat za etot mesyac.exe" dfsr
      (PID 1384, spawned by process 1; the "dfsr" argument is not present on the parent's command line)
Network

MITRE ATT&CK Matrix
Downloads

Memory dumps taken during the run (region size derived from the address range in the file name):

file                                                              pid   region                  size
memory/1384-55-0x0000000000000000-mapping.dmp                     1384  mapping (no range)      -
memory/1384-59-0x0000000000400000-0x0000000000522000-memory.dmp   1384  0x400000-0x522000       1.1MB
memory/1908-54-0x0000000075FC1000-0x0000000075FC3000-memory.dmp   1908  0x75FC1000-0x75FC3000   8KB
memory/1908-56-0x00000000002A0000-0x00000000002AE000-memory.dmp   1908  0x2A0000-0x2AE000       56KB
memory/1908-58-0x0000000000400000-0x0000000000522000-memory.dmp   1908  0x400000-0x522000       1.1MB

Both processes hold a 1.1MB region at 0x400000, the default image base of a 32-bit PE and the same size as the sample, so parent and child map the same image. The dump to inspect first is memory/1384-59-0x0000000000400000-0x0000000000522000-memory.dmp: if it differs from the on-disk file beyond normal relocation and import fixups, the WriteProcessMemory calls replaced the child's image.
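The following is an added example, not part of the Triage report or of the sample's analysis. It parses dump file names in the form shown above, recovers each region's size from the address range, and flags the pattern this report exhibits: a process writing into a separately spawned copy of itself where both processes hold a same-sized region at the same base, close to the on-disk sample size. The IoC rows and dump names are copied from the report; the interpretation of "1.1MB" as 1.1 MiB and the 25% size tolerance are assumptions of the example, and the heuristic is a triage aid, not proof of injection.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed from the report above: the four WriteProcessMemory IoCs, which
# Triage lists as four identical rows (source pid, source image, target pid, target image).
WPM_EVENTS = [
    ("1908", "Tovar na vozvrat za etot mesyac.exe",
     "1384", "Tovar na vozvrat za etot mesyac.exe"),
] * 4

# Constructed from the "Downloads" list above: dump names exactly as Triage emits them.
DUMP_NAMES = [
    "memory/1384-55-0x0000000000000000-mapping.dmp",
    "memory/1384-59-0x0000000000400000-0x0000000000522000-memory.dmp",
    "memory/1908-54-0x0000000075FC1000-0x0000000075FC3000-memory.dmp",
    "memory/1908-56-0x00000000002A0000-0x00000000002AE000-memory.dmp",
    "memory/1908-58-0x0000000000400000-0x0000000000522000-memory.dmp",
]

# Sample size from the report header ("1.1MB"); assumed here to mean 1.1 MiB.
SAMPLE_SIZE = int(1.1 * 1024 * 1024)

# memory/<pid>-<seq>-0x<start>[-0x<end>]-<mapping|memory>.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>mapping|memory)\.dmp$"
)


@dataclass(frozen=True)
class Dump:
    pid: int
    seq: int
    start: int
    end: Optional[int]  # None for a "mapping.dmp", which carries no end address
    kind: str

    @property
    def size(self) -> Optional[int]:
        return None if self.end is None else self.end - self.start


def parse_dump(name: str) -> Dump:
    """Parse one Triage dump file name into pid, sequence number and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    end = m["end"]
    return Dump(int(m["pid"]), int(m["seq"]), int(m["start"], 16),
                None if end is None else int(end, 16), m["kind"])


def self_spawn_writes(events) -> List[Tuple[int, int]]:
    """(source pid, target pid) pairs where a process wrote into a *different*
    process running the same image name, deduplicated across repeated IoCs."""
    pairs = set()
    for src_pid, src_img, dst_pid, dst_img in events:
        if src_pid != dst_pid and src_img.lower() == dst_img.lower():
            pairs.add((int(src_pid), int(dst_pid)))
    return sorted(pairs)


def shared_regions(dumps: List[Dump], pid_a: int, pid_b: int) -> List[Tuple[int, int]]:
    """(base, size) of dumped regions present in both processes with identical
    base and size; 0x400000 is the default image base of a 32-bit PE."""
    def regions(pid):
        return {(d.start, d.size) for d in dumps if d.kind == "memory" and d.pid == pid}
    return sorted(regions(pid_a) & regions(pid_b))


def triage(events, dump_names, sample_size: int, tolerance: float = 0.25):
    """Flag parent->child writes where both hold a same-sized region at the same base
    within `tolerance` of the on-disk sample size. Heuristic only: a mapped image is
    section-aligned, so it is normally somewhat larger than the file (assumed tolerance)."""
    dumps = [parse_dump(n) for n in dump_names]
    findings = []
    for src, dst in self_spawn_writes(events):
        for base, size in shared_regions(dumps, src, dst):
            if abs(size - sample_size) <= sample_size * tolerance:
                findings.append({"src": src, "dst": dst, "base": base, "size": size})
    return findings


if __name__ == "__main__":
    for f in triage(WPM_EVENTS, DUMP_NAMES, SAMPLE_SIZE):
        print(f"PID {f['src']} wrote into PID {f['dst']}; both map 0x{f['base']:X} "
              f"({f['size']} bytes, sample is {SAMPLE_SIZE}) "
              "-> compare the child's dump against the on-disk file")
```

On the report's data this yields one finding: 1908 wrote into 1384 and both map 0x400000 with 0x122000 (1,187,840) bytes. The next step is outside what the report shows: diff the child's 0x400000 dump against the sample's PE sections and check whether the entry point or section contents were rewritten.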