944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
Size

522KB
MD5

d36cf5a88014b1e70a93360eb0780ad8
SHA1

2f95e1bd73b07e582513b084fe02588cb7f44139
SHA256

944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df
SHA512

0d051a12e993445f72d0050e172ebb647b0e265364a80b6806835c2edb988e46d1074f4298aac204dcfbde5ac445d95af1abea4ab3b680f7f544606c17032eac
SSDEEP

6144:wg8Ls5SNDZTtyDH2dJVgoucqFLiYjioOUkG5wg+FV8hkPCI4mQy1CrxQqD9RSaSc:CTlPmz/ZiY+oVKTHsw0y18xQqpx8O59

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe

description	pid	process	target process
PID 1280 wrote to memory of 2028	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 2028	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 2028	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 2028	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 2028	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 2028	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 2028	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 804	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 804	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 804	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 804	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 804	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 804	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
PID 1280 wrote to memory of 804	1280	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe	944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe

C:\Users\Admin\AppData\Local\Temp\944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
"C:\Users\Admin\AppData\Local\Temp\944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280

C:\Users\Admin\AppData\Local\Temp\944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
start
2⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\944cd6b2ed97643971bf0af8711cd7e37a0d0660c51c0300e7b2bc542b40e5df.exe
watch
2⤵
PID:804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/804-56-0x0000000000000000-mapping.dmp

Download
memory/804-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/804-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/804-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1280-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1280-55-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download
memory/1280-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2028-57-0x0000000000000000-mapping.dmp

Download
memory/2028-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2028-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2028-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download