f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2

Analysis

max time kernel
107s
max time network
194s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
Size

518KB
MD5

c6f44a71a5f867d26f78a8429fa8d402
SHA1

d8737fcdfaaee4358d831a2f8fc915f765c646e5
SHA256

f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2
SHA512

4746e16bc5e7222cc2596efc3c827364ff585f07b75238d30a2dc301cc5fa1d26be9b7a18697bc5fceb87c1564e2c6e3b9eaeb8df6b6029ca4b70edfbf5f1d88
SSDEEP

12288:ruwkrSzPrh4A6sVwPUjASES/ya+WJPwTOE3/hJ:iIks6PuAsz+OPwTv3/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe

description	pid	process	target process
PID 108 wrote to memory of 556	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 556	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 556	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 556	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 556	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 556	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 556	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 1864	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 1864	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 1864	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 1864	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 1864	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 1864	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
PID 108 wrote to memory of 1864	108	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe	f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe

C:\Users\Admin\AppData\Local\Temp\f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
"C:\Users\Admin\AppData\Local\Temp\f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:108

C:\Users\Admin\AppData\Local\Temp\f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
start
2⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\f1c9896a86a5f0bb6bfd0456b3734e8901bf40b3514181762fb67ace58a58ff2.exe
watch
2⤵
PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/108-54-0x0000000075491000-0x0000000075493000-memory.dmp

Filesize
8KB

Download
memory/108-58-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/556-56-0x0000000000000000-mapping.dmp

Download
memory/556-60-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/556-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/556-64-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1864-55-0x0000000000000000-mapping.dmp

Download
memory/1864-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1864-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1864-65-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download