Analysis
-
max time kernel
112s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
20/11/2022, 07:05
Static task
static1
Behavioral task
behavioral1
Sample
f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe
Resource
win10v2004-20220901-en
General
-
Target
f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe
-
Size
43KB
-
MD5
463c1c8d7a6cb35dfc809528baab94a6
-
SHA1
428f4a7974215b2f3a1459789f18b6299e7fb5c5
-
SHA256
f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02
-
SHA512
c6e883acb1094480b68296d4d8a5764519c1edf126d0a25fc4784275b965a92098c5ad2f73a41cb5847a7e15a71c518ef989bbdcf1e6ad597b7112c062e4a55d
-
SSDEEP
768:dX/hVXegqr9jqmDfTPbRdn1PgUrXSobAL8qPP0KOIITYvGwItYdgmDqTCyN:zVXegqr9jqgfTPbR/PgUbSUAZ3LvI0vC
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3592 wrote to memory of 5020 3592 f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe 82 PID 3592 wrote to memory of 5020 3592 f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe 82 PID 3592 wrote to memory of 5020 3592 f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe"C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3592 -
C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe"C:\Users\Admin\AppData\Local\Temp\f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe"2⤵PID:5020
-