Analysis

  • max time kernel
    22s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    21-10-2022 17:51

General

  • Target

    f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe

  • Size

    253KB

  • MD5

    20a3b4d6e70e3dbd30faae664ce04280

  • SHA1

    21edc112e5891c1d7a15c5a48ed7e91660bd2922

  • SHA256

    f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd

  • SHA512

    d07602e1cf482e2c7d582c4c2d31c47e8bf52956175030bf88777f258680aee2ba25f0db9761897040dd5ee428a1180219ee02c74dbaccca46acc3e7827a47f0

  • SSDEEP

    6144:kqvag7seJgTObmLbR9JWJWRJYJAqE7yQz:kqSeJgT3RvE+Yy+

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe
    "C:\Users\Admin\AppData\Local\Temp\f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 776
      2⤵
        PID:1292

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1292-56-0x0000000000000000-mapping.dmp

    • memory/1724-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

      Filesize

      8KB

    • memory/1724-55-0x0000000074780000-0x0000000074D2B000-memory.dmp

      Filesize

      5.7MB

    • memory/1724-58-0x0000000074780000-0x0000000074D2B000-memory.dmp

      Filesize

      5.7MB