b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
Size

518KB
MD5

d3968a638311acd903e5f641bd31b9e5
SHA1

081d1954a4b2f903c17c51e55126a49055a45101
SHA256

b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38
SHA512

4e8fba635c00b4195754ea13907b64b52118d9d0c56f4c06928e9f0b9ed1587d03e5f58e64cffdc5c4d5c5c24c23706880172e5ccb1b493bf2f9cc4ce1a772ab
SSDEEP

12288:kyid+P5M4c03cbe/ZKwYYlLPt5oKnWq3sb:knwP5Htk2lLPt5/WB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe

description	pid	process	target process
PID 896 wrote to memory of 1292	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1292	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1292	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1292	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1292	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1292	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1292	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1492	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1492	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1492	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1492	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1492	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1492	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
PID 896 wrote to memory of 1492	896	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe	b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe

C:\Users\Admin\AppData\Local\Temp\b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
"C:\Users\Admin\AppData\Local\Temp\b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:896
- C:\Users\Admin\AppData\Local\Temp\b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
  start
  2⤵
  PID:1292
- C:\Users\Admin\AppData\Local\Temp\b8b763826ac1745d4b3568771961bd31277e15089070c9df10cc0a7fde061e38.exe
  watch
  2⤵
  PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-54-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/896-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/896-58-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1292-57-0x0000000000000000-mapping.dmp

Download
memory/1292-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1292-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1492-56-0x0000000000000000-mapping.dmp

Download
memory/1492-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1492-64-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download