751809ed76a376452854c0ede956b6de0ebff135669e081dc9e393b3fd6e3d16 | Triage

Analysis

max time kernel
78s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2022, 21:59

Sharing

Report Analysis Logs

General

Target

fargain.exe
Size

233KB
MD5

bc046532ae61ef0f83cbbe9a7a4bc67b
SHA1

3cbf0d76a65198a7a34334e360010fc64aeab65c
SHA256

751809ed76a376452854c0ede956b6de0ebff135669e081dc9e393b3fd6e3d16
SHA512

98ed4dc3f04388173ac80b0ff19a32c8ee049474bcaa7e59b3198b02c5b34e9b309d4a5a02595d732d5ee37c7399c53419464ec99ca79cefab4ea82789ccc701
SSDEEP

3072:UOElJI4PsdH2ImYR4M4y8Df9iK/j57rUwJMIadfY4oY46dnHWkC:UOELPYH2ImU4Jy8Dfsg3TIohe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 1932	4236	fargain.exe	83
PID 4236 wrote to memory of 1932	4236	fargain.exe	83

C:\Users\Admin\AppData\Local\Temp\fargain.exe
"C:\Users\Admin\AppData\Local\Temp\fargain.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo ""> DME.raw
  2⤵
  PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DME.raw

Filesize
32KB

MD5
31b62151ce964a2ac36ffdf638ebda75

SHA1
e7f13c56d1cf7c3058bdbc0a667d4d0559ec9efe

SHA256
b876898c495d0fafa397902ffd6cd9a4d70adf2fe53bdc5c94ba5c851c22279f

SHA512
d7b3e2d7639566e36e64a3aabfd9de441e9dd025278c5e8189bdad81a8ed26406dc896f1d60be8027a2d66a3d5e76b05ed39d7c342a7b8d46266ce839c7d9fd5

Download Submit