Analysis
max time kernel: 38s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 12:03
Static task: static1
Behavioral task: behavioral1
  Sample: 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
  Resource: win10v2004-20220812-en
General
Target: 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
Size: 518KB
MD5: cc7e982a374d0938e0037e91d3a830c1
SHA1: b867d33f7737d747b2e437837a0c1e4e46642f10
SHA256: 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0
SHA512: 4ea7a6553fd22ebdcd096d624d48476b86f04199db30f2829420e7867cd98aaa03c2ab7da0d02d83b956aae7557b33aa3125608ce3be696ed0c1bffa2e9db4d1
SSDEEP: 12288:ooverM083NPV4pY71wYYlLPt5oKnWq3Cob:oPM0sopFlLPt5/WvQ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (14 IoCs)
Processes:
description | pid | process | target process
PID 1872 wrote to memory of 2044 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 2044 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 2044 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 2044 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 2044 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 2044 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 2044 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 1352 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 1352 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 1352 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 1352 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 1352 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 1352 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
PID 1872 wrote to memory of 1352 | 1872 | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe | 8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe"
   PID: 1872
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe start
      PID: 2044
   2. C:\Users\Admin\AppData\Local\Temp\8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\8de87db07ef8259574531fb556f21acdbcc6c404fd3f46995a7a947b276c03b0.exe watch
      PID: 1352
Network
MITRE ATT&CK Matrix
Downloads
file | filesize
memory/1352-56-0x0000000000000000-mapping.dmp |
memory/1352-61-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB
memory/1352-63-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB
memory/1352-66-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB
memory/1872-54-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB
memory/1872-55-0x0000000075841000-0x0000000075843000-memory.dmp | 8KB
memory/1872-58-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB
memory/2044-57-0x0000000000000000-mapping.dmp |
memory/2044-62-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB
memory/2044-64-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB
memory/2044-65-0x0000000000400000-0x000000000048B000-memory.dmp | 556KB