6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b

Analysis

max time kernel
80s
max time network
173s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
Size

518KB
MD5

f399c4f99bc05033fb427476f8d6eef0
SHA1

6418aee78c0d6c764fcaa82e378deab972c75b8b
SHA256

6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b
SHA512

0917b9e11a471d7b1b07e4b029749bbbda71921c918f66a990506f9d875c1bcb82c02d531a9628abcc8a364cdbe287dec5d65955e7e6a6ff41d47de352043a29
SSDEEP

6144:NhGDThjD8Y7O0gg01MtbLq+/zaNy6/yegQnhZWCmlw75G9+lLPX9MM8e459KOoWu:8TxBguBLq/1nZKwYYlLPt5oKnWq3ub

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe

description	pid	process	target process
PID 1772 wrote to memory of 1476	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 1476	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 1476	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 1476	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 1476	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 1476	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 1476	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 576	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 576	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 576	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 576	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 576	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 576	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
PID 1772 wrote to memory of 576	1772	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe	6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe

C:\Users\Admin\AppData\Local\Temp\6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
"C:\Users\Admin\AppData\Local\Temp\6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1772

C:\Users\Admin\AppData\Local\Temp\6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
start
2⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\6980a42cdcb577919005616c2a7eb90914a052f281bd122f6cb252b52fe1ea5b.exe
watch
2⤵
PID:576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-55-0x0000000000000000-mapping.dmp

Download
memory/576-60-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/576-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1476-56-0x0000000000000000-mapping.dmp

Download
memory/1476-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1476-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1772-54-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/1772-57-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download