608a1475e1f6c90de598fb31f7dafe02f0b99a15cf16290041ddfc1a6be9464b | Triage

Analysis

max time kernel
78s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2022 12:34

Sharing

Report Analysis Logs

General

Target

6b960e28fa171f1bbb508fc67e75edac.exe
Size

1.6MB
MD5

6b960e28fa171f1bbb508fc67e75edac
SHA1

db603bfd4026a7fb00740d5074f3cf49c8b45a30
SHA256

608a1475e1f6c90de598fb31f7dafe02f0b99a15cf16290041ddfc1a6be9464b
SHA512

fa7612d924c428f2cdd6143442f6705c43d35c395df164436b98f1edc3f017b67b20feffa3d924c5c7e6507b16210ff32637de14079194d89264b8773b1c23b7
SSDEEP

49152:bNQV3rUrb/TLvO90dL3BmAFd4A64nsfJBX45RgVBSLbDD1:S3rJ9S

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

6b960e28fa171f1bbb508fc67e75edac.exe

pid process

2124 6b960e28fa171f1bbb508fc67e75edac.exe
2124 6b960e28fa171f1bbb508fc67e75edac.exe
Suspicious use of WriteProcessMemory 1 IoCs

Processes:

6b960e28fa171f1bbb508fc67e75edac.exe

description pid process target process

PID 2124 wrote to memory of 400 2124 6b960e28fa171f1bbb508fc67e75edac.exe Conhost.exe

C:\Users\Admin\AppData\Local\Temp\6b960e28fa171f1bbb508fc67e75edac.exe
"C:\Users\Admin\AppData\Local\Temp\6b960e28fa171f1bbb508fc67e75edac.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2124

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
2⤵
PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...