Analysis
- max time kernel: 16s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 11:10
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  - Resource: win10v2004-20221111-en
General
- Target: 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
- Size: 526KB
- MD5: cf8eaeda5cdf5396a2e90c8b0435d332
- SHA1: 16dccf802bc4a17ab9293b2b9d8314e55cd51281
- SHA256: 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc
- SHA512: 159ebe755348fc34d5e5af16842a1f6e43b55003ae296c50597b5c0e509b231e1fbdb8abdc9e4bf4079be9c31f66f666cbf34a270b3c8784e6b2f2914e6f5b63
- SSDEEP: 12288:KWw3HqnGf3OeUUIBcUEzCDpwtWsjYO9AtwJtv:Kd3H1/Oe6cU/CrkO9qw3v
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (14 IoCs)
  Processes:
  description                       | pid  | process                                                                | target process
  PID 2028 wrote to memory of 1984  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1984  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1984  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1984  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1984  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1984  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1984  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1016  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1016  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1016  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1016  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1016  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1016  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  PID 2028 wrote to memory of 1016  | 2028 | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe | 96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 2028
  - C:\Users\Admin\AppData\Local\Temp\96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
    Command line: start
    - PID: 1984
  - C:\Users\Admin\AppData\Local\Temp\96259c9a4ff6408c02aef1526e13b47ec2f37767182c12dee042d7beee4ceafc.exe
    Command line: watch
    - PID: 1016