f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
Size

522KB
MD5

5f3f986bc7a32f192123889d16f898cd
SHA1

e0542548bb66f0441686f123cc23b30f87407328
SHA256

f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f
SHA512

4019d63aa05355fb41edab233bd147326c29b04e3442c12481f882194f3829f3a7a4a01f9ad079f7ec71b93fe326cd0c96cede0f08fefc9a25ee7d6b22ba8c04
SSDEEP

6144:WweQa4i94cRcxwx+8ckwZPHjYC9CUIxkhohncCaqpUxdrZPkTY/210YO9ALuEy+E:dFi9FKBZkkCUhGiCDpwtWsjYO9AtwuP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe

description	pid	process	target process
PID 1348 wrote to memory of 1204	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1204	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1204	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1204	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1204	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1204	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1204	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1268	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1268	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1268	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1268	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1268	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1268	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
PID 1348 wrote to memory of 1268	1348	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe	f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe

C:\Users\Admin\AppData\Local\Temp\f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
"C:\Users\Admin\AppData\Local\Temp\f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1348

C:\Users\Admin\AppData\Local\Temp\f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
start
2⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\f2b2a61fc10bfc688db37236fbc0a3cd2f28bf33f00016adbdc2f9a4a0147e8f.exe
watch
2⤵
PID:1268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-56-0x0000000000000000-mapping.dmp

Download
memory/1204-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1204-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1204-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1268-55-0x0000000000000000-mapping.dmp

Download
memory/1268-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1268-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1268-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1348-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1348-57-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download