9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
Size

518KB
MD5

379d97b98c345515cf5da80f4d386c39
SHA1

b85fc975231edf7e27a7f117e54462d5a5a1355c
SHA256

9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760
SHA512

7d14e162b69c2af1d9ca5085637278e2fe2e3b03fdcaf9a6cc471e4994b4ecc6b470ecc38903edd92137837842d87410eaf6f4e3eb880807b3b812f0527c0d20
SSDEEP

12288:qg9qw83oRWckhXkvygwYYlLPt5oKnWq3/b4:Z9h8TX+vyhlLPt5/Wu4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe

description	pid	process	target process
PID 1384 wrote to memory of 688	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 688	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 688	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 688	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 688	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 688	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 688	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 2044	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 2044	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 2044	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 2044	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 2044	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 2044	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
PID 1384 wrote to memory of 2044	1384	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe	9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe

C:\Users\Admin\AppData\Local\Temp\9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
"C:\Users\Admin\AppData\Local\Temp\9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Users\Admin\AppData\Local\Temp\9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
  start
  2⤵
  PID:688
- C:\Users\Admin\AppData\Local\Temp\9936a57159c01bb642062c988cfb3a9ac6202d54625230f6f7910095847cf760.exe
  watch
  2⤵
  PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/688-56-0x0000000000000000-mapping.dmp

Download
memory/688-60-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/688-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1384-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download
memory/1384-57-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2044-55-0x0000000000000000-mapping.dmp

Download
memory/2044-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2044-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download