Analysis

  • max time kernel
    112s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/11/2022, 07:05

General

  • Target

    f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe

  • Size

    43KB

  • MD5

    463c1c8d7a6cb35dfc809528baab94a6

  • SHA1

    428f4a7974215b2f3a1459789f18b6299e7fb5c5

  • SHA256

    f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02

  • SHA512

    c6e883acb1094480b68296d4d8a5764519c1edf126d0a25fc4784275b965a92098c5ad2f73a41cb5847a7e15a71c518ef989bbdcf1e6ad597b7112c062e4a55d

  • SSDEEP

    768:dX/hVXegqr9jqmDfTPbRdn1PgUrXSobAL8qPP0KOIITYvGwItYdgmDqTCyN:zVXegqr9jqgfTPbR/PgUbSUAZ3LvI0vC

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe
    "C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3592
    • C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe
      "C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe"
      2⤵
        PID:5020

    Network

          MITRE ATT&CK Matrix
