Analysis
-
max time kernel
31s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system -
submitted
23-11-2022 12:04
Static task
static1
Behavioral task
behavioral1
Sample
88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
Resource
win10v2004-20220901-en
General
-
Target
88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
-
Size
522KB
-
MD5
89c39cc0c47fd89075c2b87069513f15
-
SHA1
a0d2ae90c9bbb81a8b29ee5a3dc07625457f562b
-
SHA256
88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb
-
SHA512
bec84478d8c83292c9104468137ee59136fbe2a2768e24973763de33eecf6adc780d32082d189c39a3d4b5c860a8e335645605b832a99da062b2c608b30df897
-
SSDEEP
12288:6BXMNtYgT6sp7R2AgRwB5mQy18xQqpx8O5d:6BcfYgesp7R2IiQatqpx8
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes:
description | pid | process | target process
PID 1428 wrote to memory of 1340 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1340 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1340 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1340 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1340 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1340 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1340 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1136 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1136 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1136 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1136 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1136 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1136 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
PID 1428 wrote to memory of 1136 | 1428 | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe | 88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe"
  - Suspicious use of WriteProcessMemory
  PID:1428
  -
  C:\Users\Admin\AppData\Local\Temp\88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
    command line: C:\Users\Admin\AppData\Local\Temp\88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe start
    PID:1340
  -
  C:\Users\Admin\AppData\Local\Temp\88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe
    command line: C:\Users\Admin\AppData\Local\Temp\88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe watch
    PID:1136
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1136-56-0x0000000000000000-mapping.dmp
-
memory/1136-60-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
-
memory/1136-63-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
-
memory/1136-66-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
-
memory/1340-57-0x0000000000000000-mapping.dmp
-
memory/1340-59-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
-
memory/1340-64-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
-
memory/1340-65-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
-
memory/1428-54-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
-
memory/1428-55-0x0000000075011000-0x0000000075013000-memory.dmp (Filesize 8KB)
-
memory/1428-58-0x0000000000400000-0x000000000048C000-memory.dmp (Filesize 560KB)
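The report's only behavioural content is the set of observations above: fourteen WriteProcessMemory IoCs from PID 1428 into two children (1340 and 1136) that run the same image as the parent with the arguments start and watch, and dumps of one region, 0x400000 to 0x48C000, in all three processes. As an added example that is not part of the sandbox output, the Python below re-types those events as constructed input and reduces them to what an analyst actually triages on: which process pairs share an image, how many writes each target received, and how large each dumped region is (0x8C000 bytes is 573440 bytes, i.e. the 560KB in the Filesize column; the 0x75011000 region in PID 1428 is 8KB). The IOC_LINES, PROCESSES and DUMPS values are copied from the report; the parsing and scoring logic is the editor's, not the sandbox vendor's.

```python
"""Triage the report's WriteProcessMemory IoCs, process tree and memory dumps.

Added example by the editor, not part of the sandbox output. IOC_LINES,
PROCESSES and DUMPS are re-typed from the report; the logic is the editor's.
"""
import re
from collections import Counter

IMG = (r"C:\Users\Admin\AppData\Local\Temp"
       r"\88e3630634e2949bd7e493a8d55b36fc878bca83bc426fbee0d6d9028c8fcfdb.exe")

# Constructed from the Signatures section: one line per IoC, 14 in total.
IOC_LINES = (["PID 1428 wrote to memory of 1340"] * 7
             + ["PID 1428 wrote to memory of 1136"] * 7)

# Constructed from the Processes section: pid -> (image path, arguments).
PROCESSES = {
    1428: (IMG, ""),
    1340: (IMG, "start"),
    1136: (IMG, "watch"),
}

# Constructed from the Downloads section: one example of each dump kind.
DUMPS = [
    "memory/1136-56-0x0000000000000000-mapping.dmp",
    "memory/1136-60-0x0000000000400000-0x000000000048C000-memory.dmp",
    "memory/1428-55-0x0000000075011000-0x0000000075013000-memory.dmp",
]

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
DUMP_RE = re.compile(
    r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def count_writes(lines):
    """Collapse 'PID A wrote to memory of B' lines into {(A, B): count}."""
    counts = Counter()
    for line in lines:
        m = WRITE_RE.search(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return dict(counts)


def self_injection_pairs(writes, processes):
    """Flag cross-process writes where source and target run the same image.

    A parent that spawns fresh copies of its own binary (here with the marker
    arguments 'start' and 'watch') and then writes into them is consistent
    with a self-injecting loader plus watchdog. The report records the writes,
    not their content, so this is a triage flag, not proof of hollowing.
    Returns [(src_pid, dst_pid, write_count, dst_args)] ordered by pid.
    """
    flagged = []
    for (src, dst), n in sorted(writes.items()):
        if src == dst or src not in processes or dst not in processes:
            continue
        if processes[src][0].lower() == processes[dst][0].lower():
            flagged.append((src, dst, n, processes[dst][1]))
    return flagged


def region_size(dump_name):
    """Bytes covered by a *-memory.dmp name; None for *-mapping.dmp entries."""
    m = DUMP_RE.search(dump_name)
    if not m:
        return None
    return int(m.group(3), 16) - int(m.group(2), 16)


def triage(ioc_lines=IOC_LINES, processes=PROCESSES, dumps=DUMPS):
    """One-shot summary a reviewer can eyeball or assert on."""
    writes = count_writes(ioc_lines)
    sizes = {}
    for d in dumps:
        size = region_size(d)
        sizes[d] = None if size is None else size // 1024
    return {
        "total_writes": sum(writes.values()),
        "self_injection": self_injection_pairs(writes, processes),
        "dump_sizes_kb": sizes,
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run stand-alone it prints the three summary fields. Two caveats worth keeping in mind when reading the report: the region base 0x400000 is the default image base of a non-relocated 32-bit PE, so seeing the same 0x400000 to 0x48C000 range in all three PIDs is expected whenever the same binary is loaded three times and does not by itself show what the parent wrote; and the 560KB region is larger than the 522KB file on disk only because it is the in-memory image, not because extra code was added. Diffing the 1340 and 1136 region dumps against the on-disk PE is the check that turns the flag into a finding.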