Analysis
- max time kernel: 52s
- max time network: 75s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 12:04
Static task: static1

Behavioral task: behavioral1
- Sample: 8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: 8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe
- Resource: win10v2004-20220812-en
General
- Target: 8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe
- Size: 518KB
- MD5: d5c223810fb8e07783a1740c1ce4bec3
- SHA1: a671418be506effec0a93d4da7c6a2afed832a83
- SHA256: 8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0
- SHA512: 4d5e72eb92156bef806717ddb28eabe95e7808252d44afbac5e0a356df1b97ab5ed619027e6955ec5d5efadd1ae5de6d2c4a330d497913408db6f9edc72cdd95
- SSDEEP: 12288:gwKQnJdZyQDjAKqkUwWrwYYlLPt5oKnWq3Yb:fKAJ6QDjALtOlLPt5/WN
Malware Config

Signatures
- Suspicious use of WriteProcessMemory (14 IoCs)

Processes (source process: 8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe; target process: 8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe):

description | pid | target pid
PID 1272 wrote to memory of 2040 | 1272 | 2040
PID 1272 wrote to memory of 2040 | 1272 | 2040
PID 1272 wrote to memory of 2040 | 1272 | 2040
PID 1272 wrote to memory of 2040 | 1272 | 2040
PID 1272 wrote to memory of 2040 | 1272 | 2040
PID 1272 wrote to memory of 2040 | 1272 | 2040
PID 1272 wrote to memory of 2040 | 1272 | 2040
PID 1272 wrote to memory of 2028 | 1272 | 2028
PID 1272 wrote to memory of 2028 | 1272 | 2028
PID 1272 wrote to memory of 2028 | 1272 | 2028
PID 1272 wrote to memory of 2028 | 1272 | 2028
PID 1272 wrote to memory of 2028 | 1272 | 2028
PID 1272 wrote to memory of 2028 | 1272 | 2028
PID 1272 wrote to memory of 2028 | 1272 | 2028
Processes
- C:\Users\Admin\AppData\Local\Temp\8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe (depth 1, PID 1272)
  Command line: "C:\Users\Admin\AppData\Local\Temp\8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe start (depth 2, PID 2040)
  - C:\Users\Admin\AppData\Local\Temp\8ac44a4c929862523227c09b011474dd5018957396d57e5c647b6c800fe2c2e0.exe watch (depth 2, PID 2028)
Network
MITRE ATT&CK Matrix
Downloads
- memory/1272-54-0x0000000075C41000-0x0000000075C43000-memory.dmp (Filesize: 8KB)
- memory/1272-57-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
- memory/2028-55-0x0000000000000000-mapping.dmp
- memory/2028-60-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
- memory/2028-63-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
- memory/2040-56-0x0000000000000000-mapping.dmp
- memory/2040-61-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
- memory/2040-62-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)