5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9

Analysis

max time kernel
41s
max time network
98s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
Size

522KB
MD5

fbfcbca1230926e0d7736fbb5a4aedc1
SHA1

83e8d9ec63b96ffbbdf51887ebac2ab342f884a8
SHA256

5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9
SHA512

67e463ef2a93f1003487926e9d7fb81a44b266106aa4bdd5c439ab239a7d737f8c09bf2279cc35865464e438c49f2e70e947c9771f98bf943a00b59b90a4ecc2
SSDEEP

6144:6NnLafA2rjyfdCfPw90qcji/XfsRqmEzWdnMz4sQJlt1mQy1CrxQqD9RSaSz+8Ox:+LaxrzHzLR0+MMJJfy18xQqpx8O5Xx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe

description	pid	process	target process
PID 1324 wrote to memory of 968	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 968	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 968	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 968	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 968	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 968	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 968	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 960	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 960	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 960	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 960	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 960	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 960	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
PID 1324 wrote to memory of 960	1324	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe	5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe

C:\Users\Admin\AppData\Local\Temp\5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
"C:\Users\Admin\AppData\Local\Temp\5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Local\Temp\5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
start
2⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\5bbd9d23c6682b404608a5325d1d29c0fbde1fd0ac65cf3006fd8ac0859f60c9.exe
watch
2⤵
PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/960-70-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/960-56-0x0000000000000000-mapping.dmp

Download
memory/960-67-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/960-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/960-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/968-57-0x0000000000000000-mapping.dmp

Download
memory/968-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/968-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/968-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/968-68-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/968-69-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1324-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1324-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1324-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download