Analysis
-
max time kernel
174s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 11:58
Static task
static1
Behavioral task
behavioral1
Sample
ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
Resource
win10v2004-20221111-en
General
-
Target
ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
-
Size
533KB
-
MD5
375cea8b6b4570754ccce8c3228af61e
-
SHA1
a23ad29726c54fa036f7b2901550a8c5caf44123
-
SHA256
ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884
-
SHA512
7e0bd7dc32d66aace12dade6aa90916c31613af1e766b30962f9ace0e72c1171976561f64a8f8a4c48f7873b030630b2d79747e9743b2c5f9b6781ed7915122b
-
SSDEEP
6144:ytJZmHixVSkehTbi2Nd6P2nN1f0ZugZ8oVzwU1hmAA7i62r7ybh+tMLpM0eIUPJg:ythObii6+nNN00NSAG68PPo3C0lZ
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
description | pid | process | target process
PID 1788 wrote to memory of 1232 | 1788 | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
PID 1788 wrote to memory of 1232 | 1788 | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
PID 1788 wrote to memory of 1232 | 1788 | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
PID 1788 wrote to memory of 4360 | 1788 | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
PID 1788 wrote to memory of 4360 | 1788 | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
PID 1788 wrote to memory of 4360 | 1788 | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe | ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe
  "C:\Users\Admin\AppData\Local\Temp\ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe"
  - Suspicious use of WriteProcessMemory
  PID:1788
  - C:\Users\Admin\AppData\Local\Temp\ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe start
    PID:1232
  - C:\Users\Admin\AppData\Local\Temp\ae0def3e4efb7d88f7e18a5d939aba4615f3e7753c8143a796ef4328f3331884.exe watch
    PID:4360
Network
MITRE ATT&CK Matrix
Downloads