Overview

overview

8

Static

static

8

d25428e030...74.exe

windows7_x64

1

d25428e030...74.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    07-07-2022 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d25428e030108909b6c282f13d9378e678a1906157901473d6986f6944c02c74.exe

  • Size

    88KB

  • MD5

    4472378685346fa20e57f7a85e480716

  • SHA1

    c2e48f70d2e1da3906f425f7db702e981e692916

  • SHA256

    d25428e030108909b6c282f13d9378e678a1906157901473d6986f6944c02c74

  • SHA512

    93f1366555b58ab5476832447d19a5dadc899ab147305075444e296ed76cd7b0fa5670b4c1474d54654444eb436e5705ef2903487193539f260dc72858da9f71

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1204
      • C:\Users\Admin\AppData\Local\Temp\d25428e030108909b6c282f13d9378e678a1906157901473d6986f6944c02c74.exe
        "C:\Users\Admin\AppData\Local\Temp\d25428e030108909b6c282f13d9378e678a1906157901473d6986f6944c02c74.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1808

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1204-56-0x000000007FFF0000-0x000000007FFF7000-memory.dmp
      Filesize

      28KB

      Download
    • memory/1808-54-0x0000000000400000-0x0000000000421000-memory.dmp
      Filesize

      132KB

      Download
    • memory/1808-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1808-59-0x0000000010000000-0x0000000010012000-memory.dmp
      Filesize

      72KB

      Download