4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8

Analysis

max time kernel
36s
max time network
88s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
Size

522KB
MD5

61f8a40f5a50d7c321b77d73093ca562
SHA1

90ed3eec8e9b8a63be00310f2ed0c16341a57d20
SHA256

4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8
SHA512

b845fb265753eaa1f8a286add7749713e0e62875564759d88545e2fc6857fc568ff0071cbd07d1b137cbd2cf2c0d07f4f09eccde3efa3c849ed18a44502cb1f7
SSDEEP

12288:vIYRz8780ZO66T3lwYYlLPt5oKnWq3AbN:vVRzCe93ilLPt5/WJN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe

description	pid	process	target process
PID 1772 wrote to memory of 1820	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 1820	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 1820	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 1820	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 1820	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 1820	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 1820	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 268	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 268	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 268	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 268	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 268	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 268	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
PID 1772 wrote to memory of 268	1772	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe	4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe

C:\Users\Admin\AppData\Local\Temp\4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
"C:\Users\Admin\AppData\Local\Temp\4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1772

C:\Users\Admin\AppData\Local\Temp\4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
start
2⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\4b07e694bddcef27e23dd94db5064abd822e216af28f952cf8a92c0ab7fa73b8.exe
watch
2⤵
PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-55-0x0000000000000000-mapping.dmp

Download
memory/268-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/268-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/268-65-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1772-54-0x0000000075651000-0x0000000075653000-memory.dmp

Filesize
8KB

Download
memory/1772-57-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1820-56-0x0000000000000000-mapping.dmp

Download
memory/1820-60-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1820-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1820-64-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download