002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7

Analysis

max time kernel
47s
max time network
59s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
Size

522KB
MD5

5877a76720061676c3041974a0965bd3
SHA1

8222d87d131113d866f77ff9f5cb2c624cff7cbd
SHA256

002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7
SHA512

bda663b0698069360f993a9f20ce151306cf70ed7d889ce681b74c892752f55bfb04cd0371e15316ef4576130608e5103cbec5971ff68a091cbb113ae93ec3ef
SSDEEP

6144:VWRxm+5C7T2oEFFOGfJWRqWdiGtvHIPcS48wlw75G9+lLPX9MM8e459KOoWqe6wS:YRx9l+EzGt/IPgzwYYlLPt5oKnWq3Ub2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe

description	pid	process	target process
PID 1232 wrote to memory of 2040	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 2040	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 2040	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 2040	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 2040	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 2040	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 2040	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 1224	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 1224	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 1224	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 1224	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 1224	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 1224	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
PID 1232 wrote to memory of 1224	1232	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe	002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe

C:\Users\Admin\AppData\Local\Temp\002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
"C:\Users\Admin\AppData\Local\Temp\002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232

C:\Users\Admin\AppData\Local\Temp\002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
start
2⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\002d7fa1e8bbed28710d2c1c453a58e019ef30b99c11f462b2e832b32e1515c7.exe
watch
2⤵
PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1224-56-0x0000000000000000-mapping.dmp

Download
memory/1224-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1224-64-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1232-54-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1232-55-0x0000000074C41000-0x0000000074C43000-memory.dmp

Filesize
8KB

Download
memory/1232-58-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2040-57-0x0000000000000000-mapping.dmp

Download
memory/2040-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2040-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download