Analysis
-
max time kernel
188s -
max time network
196s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 11:58
Static task
static1
Behavioral task
behavioral1
Sample
b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
Resource
win10v2004-20221111-en
General
-
Target
b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
-
Size
522KB
-
MD5
111c8d69260f43fde34b5633ce5732d1
-
SHA1
f15b650bbf14b8906359dd03d5535167fdd364e2
-
SHA256
b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24
-
SHA512
7c31b46b9bf22e5c781767e42060cb3e4a4fd2545dc854f3a7e3e1abaa2fca09d902307b0209cca42fd86477ec24e48b68db909a6141a4f63d3f03de5ecbe383
-
SSDEEP
6144:ASYBBeFUqqOFvemQKtNA3sgpstzkK8/glL6UiG2OxQ0879mQy1CrxQqD9RSaSz+D:fhgOFGmE3ekftsmH7/y18xQqpx8O5o
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
description | pid | process | target process
PID 2896 wrote to memory of 828 | 2896 | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
PID 2896 wrote to memory of 828 | 2896 | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
PID 2896 wrote to memory of 828 | 2896 | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
PID 2896 wrote to memory of 1080 | 2896 | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
PID 2896 wrote to memory of 1080 | 2896 | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
PID 2896 wrote to memory of 1080 | 2896 | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe | b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe "C:\Users\Admin\AppData\Local\Temp\b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2896 -
C:\Users\Admin\AppData\Local\Temp\b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe start 2⤵ PID:828
-
C:\Users\Admin\AppData\Local\Temp\b1e93a177adc06561dcd28c5cad27b8c0ca6b6b0030a0c9294f7a68570e38c24.exe watch 2⤵ PID:1080
Network
MITRE ATT&CK Matrix
Downloads