6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb

Analysis

max time kernel
64s
max time network
81s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
Size

526KB
MD5

1ae7c99ca564ccfd3e6b787d30a3b69d
SHA1

e939d4a500d55c8f328063fa3043b7a6a8a88511
SHA256

6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb
SHA512

cd996659e97c203909afe3424d646588ad385ae5241ec65661af347611708c46c77f56db3d51715b353105aa6aefe2a254199bd11e0d7ecced2f204840e7c505
SSDEEP

6144:K+2rimjVcndimxiKBTPhaqz59Kh29xGWOQTTGRImQy1CrxQqD9RSaSz+8O5EQs:9PSKnc2T/e29xBO+OEy18xQqpx8O5Eh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe

description	pid	process	target process
PID 1004 wrote to memory of 972	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 972	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 972	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 972	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 972	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 972	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 972	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 1376	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 1376	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 1376	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 1376	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 1376	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 1376	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
PID 1004 wrote to memory of 1376	1004	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe	6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe

C:\Users\Admin\AppData\Local\Temp\6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
"C:\Users\Admin\AppData\Local\Temp\6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1004

C:\Users\Admin\AppData\Local\Temp\6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
start
2⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\6caa4cf41146f10276b1119caf35aa7c726032f400c0c8a2f1be2874702e24cb.exe
watch
2⤵
PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/972-56-0x0000000000000000-mapping.dmp

Download
memory/972-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/972-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/972-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1004-54-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download
memory/1004-57-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1376-55-0x0000000000000000-mapping.dmp

Download
memory/1376-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1376-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1376-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download