Overview

overview

1

Static

static

c4ca738395...d9.exe

windows7-x64

1

c4ca738395...d9.exe

windows10-2004-x64

Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4ca738395e7a2ae0b8bd97612c224a6dcc19313fb06d54248cc6038432af8d9.exe

  • Size

    522KB

  • MD5

    918e06bfd42c4f94099bd777e011a44c

  • SHA1

    aedcd49565e1b5e7ca88e9e454512e1a076d4eae

  • SHA256

    c4ca738395e7a2ae0b8bd97612c224a6dcc19313fb06d54248cc6038432af8d9

  • SHA512

    3f1a3cac4895efdcc3798f3692f09f2d2ac8fae94806f3ebce2423ea45c1982a04bc77ffcd3122c12fdb3aa4287514818cbef0d28ac7bce68d0cb03c910bd4c6

  • SSDEEP

    6144:jg6R8MEiJRZpaShYNjsg5bAlSc6MWb3D0pSanFaOa9smcmQy1CrxQqD9RSaSz+83:MNYRZONj7bA1N/hgO9y18xQqpx8O5U

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4ca738395e7a2ae0b8bd97612c224a6dcc19313fb06d54248cc6038432af8d9.exe
    "C:\Users\Admin\AppData\Local\Temp\c4ca738395e7a2ae0b8bd97612c224a6dcc19313fb06d54248cc6038432af8d9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\AppData\Local\Temp\c4ca738395e7a2ae0b8bd97612c224a6dcc19313fb06d54248cc6038432af8d9.exe
      start
      2⤵
        PID:1688
      • C:\Users\Admin\AppData\Local\Temp\c4ca738395e7a2ae0b8bd97612c224a6dcc19313fb06d54248cc6038432af8d9.exe
        watch
        2⤵
          PID:1116

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1116-56-0x0000000000000000-mapping.dmp
        Download
      • memory/1116-60-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/1116-64-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/1116-66-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/1492-54-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/1492-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1492-58-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/1688-57-0x0000000000000000-mapping.dmp
        Download
      • memory/1688-59-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/1688-63-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/1688-65-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download