5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6

Analysis

max time kernel
258s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
Size

522KB
MD5

17a815d6d8e138ad5104d571eec13fbc
SHA1

f3d731bfedb4eca9d4e324fea4e56d65735cfe11
SHA256

5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6
SHA512

7f6c9dfffe13b3726fdb2f011f37ac8cf7413f0d679ddc1b7d3a80a4f3011f419289d6b667b1e8083cb25eb56330ec3397e004c0ebabaeaa72e8a8328c34542b
SSDEEP

12288:4pKPHVcq0AHMHIeYCZ5zY2IDy18xQqpx8O5Ri:4uLpeYCZl+atqpx8P

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe

description	pid	process	target process
PID 652 wrote to memory of 2008	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 2008	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 2008	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 2008	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 2008	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 2008	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 2008	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 1716	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 1716	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 1716	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 1716	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 1716	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 1716	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
PID 652 wrote to memory of 1716	652	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe	5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe

C:\Users\Admin\AppData\Local\Temp\5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
"C:\Users\Admin\AppData\Local\Temp\5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:652

C:\Users\Admin\AppData\Local\Temp\5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
start
2⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\5fd309a9a27732c60e6519f9c1d1c9f48ffda3b650aaf885b64ab9aa377888e6.exe
watch
2⤵
PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/652-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/652-55-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

Filesize
8KB

Download
memory/652-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1716-56-0x0000000000000000-mapping.dmp

Download
memory/1716-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1716-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1716-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2008-57-0x0000000000000000-mapping.dmp

Download
memory/2008-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2008-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2008-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download