dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
Size

522KB
MD5

b207f14403c11c25c358bbdc77fd673c
SHA1

8a7d815257044810191bb32f2d63647f6fb9ada7
SHA256

dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf
SHA512

ec5855e1c551a6ccae3a9a70596827fe57b8275b5d0b43fdaaed0cd9cca2786584b299763dd6bfce60c3dc1440ba010d1c64025ff2aad07365abc6d863784fa0
SSDEEP

6144:Kx+qeTH+BjqRMD/+dgfDMjYIe0/fML39CWmQy1CrxQqD9RSaSz+8O5EfzW:fHOU/dgme1y18xQqpx8O5Er

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe

description	pid	process	target process
PID 536 wrote to memory of 1568	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1568	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1568	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1568	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1568	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1568	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1568	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1944	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1944	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1944	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1944	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1944	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1944	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
PID 536 wrote to memory of 1944	536	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe	dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe

C:\Users\Admin\AppData\Local\Temp\dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
"C:\Users\Admin\AppData\Local\Temp\dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Users\Admin\AppData\Local\Temp\dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
start
2⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\dee60e3d3e912fa665a2ea357b9a447508b63929cd8d80a03285354e83f4b7bf.exe
watch
2⤵
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/536-54-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/536-57-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/536-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1568-56-0x0000000000000000-mapping.dmp

Download
memory/1568-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1568-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1568-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1944-55-0x0000000000000000-mapping.dmp

Download
memory/1944-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1944-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1944-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download