Analysis
-
max time kernel
22s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
21-10-2022 17:51
Static task
static1
Behavioral task
behavioral1
Sample
f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe
-
Size
253KB
-
MD5
20a3b4d6e70e3dbd30faae664ce04280
-
SHA1
21edc112e5891c1d7a15c5a48ed7e91660bd2922
-
SHA256
f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd
-
SHA512
d07602e1cf482e2c7d582c4c2d31c47e8bf52956175030bf88777f258680aee2ba25f0db9761897040dd5ee428a1180219ee02c74dbaccca46acc3e7827a47f0
-
SSDEEP
6144:kqvag7seJgTObmLbR9JWJWRJYJAqE7yQz:kqSeJgT3RvE+Yy+
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1724 wrote to memory of 1292 1724 f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe 29 PID 1724 wrote to memory of 1292 1724 f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe 29 PID 1724 wrote to memory of 1292 1724 f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe 29 PID 1724 wrote to memory of 1292 1724 f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe"C:\Users\Admin\AppData\Local\Temp\f252ce7f2f36976a2509d244e8be1bf6904ff7f65c0de890f05e4d5f728959dd.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1724 -
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 7762⤵PID:1292
-