af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e.exe
Size

73KB
MD5

79155999f67edfb7224d8a03dfe294c5
SHA1

914a50f8f01b9c4ecb8c542166a1a1c2a96f12d3
SHA256

af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e
SHA512

08bf76e0a1b4c50a9f903881732effc34a14b8a22c0af7469096995f85e0e856e9f7ab89cd1a71a9888036fecb6574c74f31520f8aa70a2a80d0e8f78f0c93cd
SSDEEP

1536:HbB1UYK5QPqfhVWbdsmA+RjPFLC+e5hM0ZGUGf2g:Hl1ZNPqfcxA+HFshMOg

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
844	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1740	cmd.exe
1740	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1740	1348	af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e.exe	27
PID 1348 wrote to memory of 1740	1348	af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e.exe	27
PID 1348 wrote to memory of 1740	1348	af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e.exe	27
PID 1348 wrote to memory of 1740	1348	af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e.exe	27
PID 1740 wrote to memory of 844	1740	cmd.exe	28
PID 1740 wrote to memory of 844	1740	cmd.exe	28
PID 1740 wrote to memory of 844	1740	cmd.exe	28
PID 1740 wrote to memory of 844	1740	cmd.exe	28
PID 844 wrote to memory of 1312	844	[email protected]	29
PID 844 wrote to memory of 1312	844	[email protected]	29
PID 844 wrote to memory of 1312	844	[email protected]	29
PID 844 wrote to memory of 1312	844	[email protected]	29

C:\Users\Admin\AppData\Local\Temp\af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e.exe
"C:\Users\Admin\AppData\Local\Temp\af743dd26941b7af0b2323199c0dd0f54a0d42bc3f8d5b507d91666f1c5cc24e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:844
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
4d1b5e9feb85b59a1239a51b2fd78ead

SHA1
8c4e7a9e9e6260075ed41de833fe0d6d53f598a2

SHA256
17194b295fbc56c2dac2fdc6acb86065fa1a70532f5e09b647c8f0750ba0e8a1

SHA512
701b6f21c49f531e09a6c3b7b1c9f1f921021d2be304a3a4dc2227ac88ecd55f156c1a27a2565ffb0f501b40e5cce23f700278abc901fca2e83eed4e6c7e806c

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
4d1b5e9feb85b59a1239a51b2fd78ead

SHA1
8c4e7a9e9e6260075ed41de833fe0d6d53f598a2

SHA256
17194b295fbc56c2dac2fdc6acb86065fa1a70532f5e09b647c8f0750ba0e8a1

SHA512
701b6f21c49f531e09a6c3b7b1c9f1f921021d2be304a3a4dc2227ac88ecd55f156c1a27a2565ffb0f501b40e5cce23f700278abc901fca2e83eed4e6c7e806c

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
4d1b5e9feb85b59a1239a51b2fd78ead

SHA1
8c4e7a9e9e6260075ed41de833fe0d6d53f598a2

SHA256
17194b295fbc56c2dac2fdc6acb86065fa1a70532f5e09b647c8f0750ba0e8a1

SHA512
701b6f21c49f531e09a6c3b7b1c9f1f921021d2be304a3a4dc2227ac88ecd55f156c1a27a2565ffb0f501b40e5cce23f700278abc901fca2e83eed4e6c7e806c

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
4d1b5e9feb85b59a1239a51b2fd78ead

SHA1
8c4e7a9e9e6260075ed41de833fe0d6d53f598a2

SHA256
17194b295fbc56c2dac2fdc6acb86065fa1a70532f5e09b647c8f0750ba0e8a1

SHA512
701b6f21c49f531e09a6c3b7b1c9f1f921021d2be304a3a4dc2227ac88ecd55f156c1a27a2565ffb0f501b40e5cce23f700278abc901fca2e83eed4e6c7e806c

Download Submit
memory/844-58-0x0000000000000000-mapping.dmp

Download
memory/1312-60-0x0000000000000000-mapping.dmp

Download
memory/1740-54-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads