53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0 | Triage

Analysis

max time kernel
201s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
resource tags

arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
submitted
17-07-2022 01:10

Sharing

Report Analysis Logs

General

Target

53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0.exe
Size

6.7MB
MD5

c5435ae3db683f7c02e45f3893749f5c
SHA1

8d1286ac63f8f8d6a0246a2439190fc1d956cc2d
SHA256

53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0
SHA512

feab5a2074db5452fd510adb7c6dddfef9beb64631a6340af4e6dee7bd2a080d69a57c012b5fb0918c354caff54ab6b4b9714330ad256607276c0eb08caa1955

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

Processes:

cmd.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe	cmd.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0.exe

description	pid	process	target process
PID 4984 wrote to memory of 5048	4984	53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0.exe	cmd.exe
PID 4984 wrote to memory of 5048	4984	53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0.exe	cmd.exe
PID 4984 wrote to memory of 5048	4984	53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0.exe
"C:\Users\Admin\AppData\Local\Temp\53052600ea8741fcea59bf190d96ddb815b0cd766d9a21c01734f2228df545d0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4984

C:\Windows\SysWOW64\cmd.exe
cmd /Q /C C:\Users\Admin\AppData\Local\Temp/s.bat
2⤵
- Drops startup file
PID:5048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\s.bat
Filesize
323B

MD5
76fce7f50eaf95c182aca1c7bc105b65

SHA1
05e4bf3418bcf2cd7218080a39d194e6c23bc54f

SHA256
9209ecf24f55d568d12f658940a1955736e421399f1a0165c698ed95089341d3

SHA512
b20d7c7ffad30d8631702ab9cde1a01e59bc48a018cff5f26cf6f0124f71136390c2367b7071dae57cc45737ac2bff596d2c73d321c434b170f4ed855797a7e0

Download Submit
memory/5048-130-0x0000000000000000-mapping.dmp

Download