1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-06-2022 03:50

Sharing

Report Analysis Logs

General

Target

1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe
Size

65KB
MD5

e663478c2a5e06949651931a34f2d14d
SHA1

3ba47f930d7c3018ee06c258e150725434d8d47d
SHA256

1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590
SHA512

f675f59dcf2bc7206b5168145f2d0d5894380b97c827f013027df50b96ebd4e3d678862c48b428664ef4a3939a0cb5ed54fc8c44fd743847c0f07c90b7ada172

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exenet.exe

description	pid	process	target process
PID 1224 wrote to memory of 904	1224	1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe	net.exe
PID 1224 wrote to memory of 904	1224	1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe	net.exe
PID 1224 wrote to memory of 904	1224	1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe	net.exe
PID 1224 wrote to memory of 904	1224	1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe	net.exe
PID 904 wrote to memory of 968	904	net.exe	net1.exe
PID 904 wrote to memory of 968	904	net.exe	net1.exe
PID 904 wrote to memory of 968	904	net.exe	net1.exe
PID 904 wrote to memory of 968	904	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe
"C:\Users\Admin\AppData\Local\Temp\1d5d84f3adc8a2a12fb1dbf4f089c8b1f93627c6658507c7c01c1dbb0d2a4590.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1224

C:\Windows\SysWOW64\net.exe
net user Malware430 infected /ADD
2⤵
- Suspicious use of WriteProcessMemory
PID:904

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Malware430 infected /ADD
3⤵
PID:968

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-54-0x0000000000000000-mapping.dmp

Download
memory/968-55-0x0000000000000000-mapping.dmp

Download