Analysis
-
max time kernel
155s -
max time network
195s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 12:51
Static task
static1
Behavioral task
behavioral1
Sample
e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe
Resource
win10v2004-20221111-en
General
-
Target
e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe
-
Size
524KB
-
MD5
90222dfe3cb4c4f1bac776e7967f15a9
-
SHA1
f2a537309693ab58de72cc8f0ab6b8c93cbbac00
-
SHA256
e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709
-
SHA512
e653c2d351d3c0c99d4fe8316f8928b854c1731811084fed57d2f56f46c6afc2c93bd411cc9453810741589c95ea404c26c7fa772b0128741d6394a7a8851ca1
-
SSDEEP
12288:b+M5Ayy0AxtNaBD5EIZO3MVzvBVKXCuapzDBG:Styy08NaXxZDVzvSXCXD
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe
description | pid | process | target process
PID 2252 wrote to memory of 116 | 2252 | e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe | e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe
PID 2252 wrote to memory of 116 | 2252 | e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe | e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe
PID 2252 wrote to memory of 116 | 2252 | e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe | e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe "C:\Users\Admin\AppData\Local\Temp\e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe" 1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\e44ad20bf937d1bddde4c0fb42ea31213e1b43e2742abb4cb5805568a8f0a709.exe tear 2⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/116-132-0x0000000000000000-mapping.dmp
-
memory/116-134-0x0000000000400000-0x000000000048E000-memory.dmp
Filesize
568KB
-
memory/116-135-0x0000000000400000-0x000000000048E000-memory.dmp
Filesize
568KB
-
memory/116-136-0x0000000000400000-0x000000000048E000-memory.dmp
Filesize
568KB
-
memory/2252-133-0x0000000000400000-0x000000000048E000-memory.dmp
Filesize
568KB