Analysis

  • max time kernel
    44s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    19-09-2022 09:12

General

  • Target

    54c0776fcc9afbb2c70d06e3de3ba0d651c90f15f866800eda92184dc01c44c0.exe

  • Size

    13KB

  • MD5

    c03c3ef6db5dead6f1bf114e07f95b34

  • SHA1

    f3851d1d957334240fcba6ea66db47f3d27c5f1a

  • SHA256

    54c0776fcc9afbb2c70d06e3de3ba0d651c90f15f866800eda92184dc01c44c0

  • SHA512

    4af51a6eaf1c0f386d993cc9a69f451f0d9b53fe71c5602f579d7d17faf32af527daf5cf0e14c766e0ce0deda4c652b9b6d89dc4c6cf5a7d03e25b3b87691477

  • SSDEEP

    192:nMIlgn1IeV5uUuArTiHKBWDkJBGNJE1LYZfYnqrTCt7hOMCbV1TA4cemQj:Nlgn1I4uPAr6KBWAJYAY0b7hTCHJc0j

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54c0776fcc9afbb2c70d06e3de3ba0d651c90f15f866800eda92184dc01c44c0.exe
    "C:\Users\Admin\AppData\Local\Temp\54c0776fcc9afbb2c70d06e3de3ba0d651c90f15f866800eda92184dc01c44c0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\54c0776fcc9afbb2c70d06e3de3ba0d651c90f15f866800eda92184dc01c44c0.exe"
      2⤵
      • Deletes itself
      PID:280

Network

MITRE ATT&CK Matrix

Downloads

  • memory/280-55-0x0000000000000000-mapping.dmp

  • memory/1324-54-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/1324-56-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB