270ad831206d6391aefa0a0d3b61f502a19ec194524f71043a4d90b485afa3f7 | Triage

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 08:08

Sharing

Report Analysis Logs

General

Target

44435.exe
Size

62KB
MD5

f0eccac3a007ffe9cc85d46bc8d5af97
SHA1

f82fcd4a67b3a74684b3f0f921959065c7b41d10
SHA256

78fec2d4b4193d10fb81dfa4fb2c2d583fc97ede84d8c5ddd161508d5cb378bd
SHA512

0f30fa8b2bbd4eedac4d89c59288e9513904fa792cd62f5197f50ee63c10c43f5af1ea28eaa7b01e1de7720f435d048174a56aab492cd2934584e3703946a2ea
SSDEEP

1536:AvCT3nPCUlrsobbEp3OT2iXAOTqOTSHpiF:h3PtgobEMKiXNbHF

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2044	44435.exe
2044	44435.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1340	2044	44435.exe	10
PID 2044 wrote to memory of 1340	2044	44435.exe	10
PID 2044 wrote to memory of 1340	2044	44435.exe	10
PID 2044 wrote to memory of 1340	2044	44435.exe	10

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1340
- C:\Users\Admin\AppData\Local\Temp\44435.exe
  "C:\Users\Admin\AppData\Local\Temp\44435.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-56-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/2044-54-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2044-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download
memory/2044-59-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download