ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698

Analysis

max time kernel
74s
max time network
107s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
Size

526KB
MD5

8219aa42f82377b117177776fb4bb564
SHA1

44100e78e333ace51b999bef2297975fe785f816
SHA256

ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698
SHA512

b115061dac691df588e963756d860918a06cc2a0e802a73d059150bd5f3fc226dfc831f03c90e02ad36db11576d9ff0744a5ea1656d0c8af0aaedcae2984f54d
SSDEEP

6144:gHiAWc7vF3qGiwi91F9J44C81YYPoxWiyjMrxgcri0nmQy1CrxQqD9RSaSz+8O5+:eDWayugUZhri0ty18xQqpx8O5mH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe

description	pid	process	target process
PID 2028 wrote to memory of 992	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 992	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 992	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 992	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 992	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 992	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 992	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 944	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 944	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 944	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 944	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 944	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 944	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
PID 2028 wrote to memory of 944	2028	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe	ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe

C:\Users\Admin\AppData\Local\Temp\ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
"C:\Users\Admin\AppData\Local\Temp\ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
  start
  2⤵
  PID:992
- C:\Users\Admin\AppData\Local\Temp\ba8be232176e3968e45c7ea7f0c7c70b9151e4b65c76866a4fbc7dfc4c2a4698.exe
  watch
  2⤵
  PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/944-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/944-70-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/944-56-0x0000000000000000-mapping.dmp

Download
memory/944-67-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/944-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/992-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/992-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/992-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/992-68-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/992-69-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/992-57-0x0000000000000000-mapping.dmp

Download
memory/2028-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2028-55-0x00000000765A1000-0x00000000765A3000-memory.dmp

Filesize
8KB

Download
memory/2028-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download