1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d

Analysis

max time kernel
25s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
Size

518KB
MD5

4db28656798a3b8b2247015a9c3376ec
SHA1

729bb56a1fcda08665b72b4f93cbcec069c0a598
SHA256

1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d
SHA512

918fb44b2e9905729a8e5f7f94001016ff1018365d4403d3422b7f4f99aafc89ad91ed0df0bd7a4c549639e24acbde8a96b9502c2b94509bfb6a10694de9cfcf
SSDEEP

12288:AsxH6gRidnAiLx0qZxss2vivsn87wYYlLPt5oKnWq3SbC:As0qi5zLx1TsH7lLPt5/WDC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe

description	pid	process	target process
PID 1204 wrote to memory of 684	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 684	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 684	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 684	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 684	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 684	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 684	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 948	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 948	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 948	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 948	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 948	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 948	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
PID 1204 wrote to memory of 948	1204	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe	1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe

C:\Users\Admin\AppData\Local\Temp\1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
"C:\Users\Admin\AppData\Local\Temp\1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204

C:\Users\Admin\AppData\Local\Temp\1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
start
2⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\1bb732f592dd711acc3adf23cdfa971b546062743f3401c5e6f4b22b4aeed44d.exe
watch
2⤵
PID:948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/684-56-0x0000000000000000-mapping.dmp

Download
memory/684-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/684-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/948-55-0x0000000000000000-mapping.dmp

Download
memory/948-60-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/948-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1204-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/1204-57-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download