85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
Size

521KB
MD5

03501bf44567649a31ab55a9a6a2b6e5
SHA1

830e93466c006421f7a7a6218feffca6e2ef5827
SHA256

85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241
SHA512

bd7fb1a6ddfcd21c1bc356b0b36eb0dac68e8ca193891b3bde7a7bec6eda30c7f317d6aee0d73592027e5d4a5432da695dd674fc63bee47afe9048e0e1475477
SSDEEP

12288:CwW+ilPmIPM+RPfQQuTcMX9uOFLRB3dUEJQhGfRIDo+0jp6QkrnU:n6Qd+KcWpNUE/SY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe

description	pid	process	target process
PID 1976 wrote to memory of 1708	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1708	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1708	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1708	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1708	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1708	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1708	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1172	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1172	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1172	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1172	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1172	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1172	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
PID 1976 wrote to memory of 1172	1976	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe	85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe

C:\Users\Admin\AppData\Local\Temp\85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
"C:\Users\Admin\AppData\Local\Temp\85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
start
2⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\85aa84a70e5f408b0754bd44a86380e4022087737c27b463c0eb2a2c51853241.exe
watch
2⤵
PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-55-0x0000000000000000-mapping.dmp

Download
memory/1172-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1172-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1708-56-0x0000000000000000-mapping.dmp

Download
memory/1708-61-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1708-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1976-54-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download
memory/1976-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download