Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 12:52
Static task
static1
Behavioral task
behavioral1
Sample
e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
Resource
win10v2004-20220812-en
General
-
Target
e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
-
Size
522KB
-
MD5
363f1721fb2116e48f26c2129f80af84
-
SHA1
645842a28aad4d7de562cdfa6adf17bea8d5ef53
-
SHA256
e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3
-
SHA512
9c1cd3c08e124f9454d3cb175101020e8a639eb7ecef4186ae06f58c3db710ff67a251afea93c816042d4fa0b870563d38e5b11cf8d874431ecb13b9639501ef
-
SSDEEP
12288:bqPZrSAeK2FDLPhPFyNmwZucu8y18xQqpx8O5r:bucA3YnPHyJZuc9atqpx8
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes: e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
description | pid | process | target process
PID 3044 wrote to memory of 8 | 3044 | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
PID 3044 wrote to memory of 8 | 3044 | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
PID 3044 wrote to memory of 8 | 3044 | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
PID 3044 wrote to memory of 3336 | 3044 | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
PID 3044 wrote to memory of 3336 | 3044 | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
PID 3044 wrote to memory of 3336 | 3044 | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe | e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe "C:\Users\Admin\AppData\Local\Temp\e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe"
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe start
-
C:\Users\Admin\AppData\Local\Temp\e30562cbce35c1dd04704d57fe9da3a705db033ee5bd04fc6953ad64ee0dbeb3.exe watch
Network
MITRE ATT&CK Matrix