49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e | Triage

Analysis

max time kernel
173s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
12/07/2022, 16:30

Sharing

Report Analysis Logs

General

Target

49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e.exe
Size

15KB
MD5

3f6ff6e228e437417484f853e19c6692
SHA1

d62ed0315cb836c5bd3b4f6fecbc875beb270460
SHA256

49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e
SHA512

57d2cac1d1fdb6510ec733ad6c58f67537420c8f7f40ffb76479f83532043c25bd18719c1ca03c7b6b8fc1f709acfe947eeb56cb161d85b4a4863ab76305f893

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\sa3d2cmk50s6xqp.txt	cmd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 4020	1256	49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e.exe	80
PID 1256 wrote to memory of 4020	1256	49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e.exe	80
PID 1256 wrote to memory of 4020	1256	49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e.exe	80

C:\Users\Admin\AppData\Local\Temp\49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e.exe
"C:\Users\Admin\AppData\Local\Temp\49802a85a824c65b4a69c188e8026f1df289924c521fdd7d1d9dc46bf7c4b31e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c echo TestUAC> %SystemRoot%\sa3d2cmk50s6xqp.txt
  2⤵
  - Drops file in Windows directory
  PID:4020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads