541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219 | Triage

Analysis

max time kernel
28s
max time network
15s
platform
windows7_x64
resource
win7-20220414-en
submitted
15-07-2022 09:00

Sharing

Report Analysis Logs

General

Target

541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe
Size

6.3MB
MD5

aa4e99b717bcb7e916148a469e69788a
SHA1

42fc554d8442a78a48dc624d3de59ae4515eed6d
SHA256

541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219
SHA512

c6127eb47a24df060e8d81f95dd3fd4d0118b6fefbd38b25e6f23ac11f4ebdd0eecb61ddd79ef0cc9c4e52cdd36e823f99d5be389141f5ac9cead1b95d33f4ca

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.execmd.exe

description	pid	process	target process
PID 1984 wrote to memory of 1260	1984	541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe	cmd.exe
PID 1984 wrote to memory of 1260	1984	541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe	cmd.exe
PID 1984 wrote to memory of 1260	1984	541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe	cmd.exe
PID 1260 wrote to memory of 1324	1260	cmd.exe	net.exe
PID 1260 wrote to memory of 1324	1260	cmd.exe	net.exe
PID 1260 wrote to memory of 1324	1260	cmd.exe	net.exe

C:\Users\Admin\AppData\Local\Temp\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe
"C:\Users\Admin\AppData\Local\Temp\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984

C:\Windows\system32\cmd.exe
cmd /C "net use \\10.10.3.42\c$ 23AS32df21 /user:adm-karsair"
2⤵
- Suspicious use of WriteProcessMemory
PID:1260

C:\Windows\system32\net.exe
net use \\10.10.3.42\c$ 23AS32df21 /user:adm-karsair
3⤵
PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1260-54-0x0000000000000000-mapping.dmp

Download
memory/1324-55-0x0000000000000000-mapping.dmp

Download