Overview

overview

1

Static

static

21e01b4170...4a.exe

windows7-x64

1

21e01b4170...4a.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    176s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 12:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21e01b4170ab557a4884203216c32660cd2befe6941635907889358db793874a.exe

  • Size

    522KB

  • MD5

    022ac2e635ac89012424f96c77389c6a

  • SHA1

    6e0e7882a6d7d025bd6569cd5be4d28d6f2b3bef

  • SHA256

    21e01b4170ab557a4884203216c32660cd2befe6941635907889358db793874a

  • SHA512

    e6a28a0e0d856f44322eb8548a0a493dc7b9cdb783b0b4c2e2aa5525a8e49627b927d4301e920da2e231270d4c5f6aec8d3e5ed4cdb5476a48c2189501cee96d

  • SSDEEP

    6144:57wzrwvC6VeCpEEdrSSOZ4kmfIWEWvjy1INI9n94U7F/DDkRnFmQy1CrxQqD9RSK:dE8rSrOkmf8Oy6KnYxHy18xQqpx8O5N

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21e01b4170ab557a4884203216c32660cd2befe6941635907889358db793874a.exe
    "C:\Users\Admin\AppData\Local\Temp\21e01b4170ab557a4884203216c32660cd2befe6941635907889358db793874a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Users\Admin\AppData\Local\Temp\21e01b4170ab557a4884203216c32660cd2befe6941635907889358db793874a.exe
      start
      2⤵
        PID:1524
      • C:\Users\Admin\AppData\Local\Temp\21e01b4170ab557a4884203216c32660cd2befe6941635907889358db793874a.exe
        watch
        2⤵
          PID:1536

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1524-138-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1524-135-0x0000000000000000-mapping.dmp

        Download

      • memory/1524-140-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1524-142-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1524-143-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1536-134-0x0000000000000000-mapping.dmp

        Download

      • memory/1536-137-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1536-139-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1536-141-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1536-144-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/4720-133-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/4720-136-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/4720-132-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download