Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
07-06-2022 03:50
Static task
static1
Behavioral task
behavioral1
Sample
1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe
-
Size
65KB
-
MD5
e663478c2a5e06949651931a34f2d14d
-
SHA1
3ba47f930d7c3018ee06c258e150725434d8d47d
-
SHA256
1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590
-
SHA512
f675f59dcf2bc7206b5168145f2d0d5894380b97c827f013027df50b96ebd4e3d678862c48b428664ef4a3939a0cb5ed54fc8c44fd743847c0f07c90b7ada172
Score
1/10
Malware Config
Signatures
-
Runs net.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe
net.exe
description | pid | process | target process
PID 1224 wrote to memory of 904 | 1224 | 1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe | net.exe
PID 1224 wrote to memory of 904 | 1224 | 1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe | net.exe
PID 1224 wrote to memory of 904 | 1224 | 1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe | net.exe
PID 1224 wrote to memory of 904 | 1224 | 1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe | net.exe
PID 904 wrote to memory of 968 | 904 | net.exe | net1.exe
PID 904 wrote to memory of 968 | 904 | net.exe | net1.exe
PID 904 wrote to memory of 968 | 904 | net.exe | net1.exe
PID 904 wrote to memory of 968 | 904 | net.exe | net1.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe
"C:\Users\Admin\AppData\Local\Temp\1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net.exe
net user Malware430 infected /ADD
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Malware430 infected /ADD