6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
Size

522KB
MD5

5fa8c54bd7273c9fc300d5a2dc75d93b
SHA1

63c5931a6a13ca2411f1848f29863042ca7626f3
SHA256

6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00
SHA512

45dfc2055255671e56b516f2c3cf48458878cc877c54cdd9bdd4309b7f41253cc942e748e460e26e0367fc7a60ff0ba15f19222456cbc60794bcbba3dffabdb5
SSDEEP

12288:clv5d2H6cD1ERP6olwYYlLPt5oKnWq36z8bd:cZ41YP6oilLPt5/WFwd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe

description	pid	process	target process
PID 1380 wrote to memory of 1288	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1288	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1288	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1288	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1288	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1288	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1288	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1188	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1188	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1188	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1188	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1188	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1188	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
PID 1380 wrote to memory of 1188	1380	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe	6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe

C:\Users\Admin\AppData\Local\Temp\6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
"C:\Users\Admin\AppData\Local\Temp\6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1380

C:\Users\Admin\AppData\Local\Temp\6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
start
2⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\6aaf2738a96bd8c0b7568b45434dbaf3d911b3344dd780222e335dca40761d00.exe
watch
2⤵
PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1188-55-0x0000000000000000-mapping.dmp

Download
memory/1188-60-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1188-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1188-64-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1288-56-0x0000000000000000-mapping.dmp

Download
memory/1288-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1288-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1380-54-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/1380-57-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download