dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
Size

522KB
MD5

885f346d6b12b70b006089e61158c9b0
SHA1

1be00129024841744822561a9e243f25f5dea7a8
SHA256

dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37
SHA512

cb3da33b037ebde473d455064af3f09b94b269179f945f9771a68811d4cd15386f7e392ff0733d672193fd58933ce675dbe26330b16ff3146d7f0333edc79b5d
SSDEEP

12288:Z5sA0/j4rS5IXqfBe+2CDpwtWsjYO9AtwtS6:ZaAJrdyU8CrkO9qwZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe

description	pid	process	target process
PID 544 wrote to memory of 1892	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1892	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1892	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1892	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1892	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1892	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1892	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1984	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1984	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1984	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1984	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1984	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1984	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
PID 544 wrote to memory of 1984	544	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe	dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe

C:\Users\Admin\AppData\Local\Temp\dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
"C:\Users\Admin\AppData\Local\Temp\dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:544

C:\Users\Admin\AppData\Local\Temp\dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
start
2⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\dd2227953ddcf880e280d0c0fa76c805551301ad59aa0dd645f36c1c68aaee37.exe
watch
2⤵
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/544-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/544-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download
memory/544-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1892-57-0x0000000000000000-mapping.dmp

Download
memory/1892-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1892-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1984-56-0x0000000000000000-mapping.dmp

Download
memory/1984-61-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1984-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download