Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    23-11-2022 13:31

General

  • Target

    a044d12cd5251df31c810d402070791e96a768b7a4e965dea78f218001a1e652.exe

  • Size

    518KB

  • MD5

    04c55638ce8cd2bc5c2c5d6e27c62abd

  • SHA1

    2c1477f7997a3356f8ec0dea923f8e81af5b44a8

  • SHA256

    a044d12cd5251df31c810d402070791e96a768b7a4e965dea78f218001a1e652

  • SHA512

    f563efd37097a648b836795b6d3ab21b5a510e6a9a5acd54df8dacfb67f94020701d77dd15e0b32ad75e553e8d3607584a0983f5b830395bf9ccf436fc5ee4bd

  • SSDEEP

    12288:q9klmuZaVmSBYkwPUjASES/ya+WJPwTOEu//GI:MksuZaou6PuAsz+OPwTvu/

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a044d12cd5251df31c810d402070791e96a768b7a4e965dea78f218001a1e652.exe
    "C:\Users\Admin\AppData\Local\Temp\a044d12cd5251df31c810d402070791e96a768b7a4e965dea78f218001a1e652.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Users\Admin\AppData\Local\Temp\a044d12cd5251df31c810d402070791e96a768b7a4e965dea78f218001a1e652.exe
      start
      2⤵
        PID:1652
      • C:\Users\Admin\AppData\Local\Temp\a044d12cd5251df31c810d402070791e96a768b7a4e965dea78f218001a1e652.exe
        watch
        2⤵
          PID:1732

      Network

      MITRE ATT&CK Matrix

      Downloads

      • memory/1208-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

        Filesize

        8KB

      • memory/1208-58-0x0000000000400000-0x000000000048B000-memory.dmp

        Filesize

        556KB

      • memory/1652-56-0x0000000000000000-mapping.dmp

      • memory/1652-60-0x0000000000400000-0x000000000048B000-memory.dmp

        Filesize

        556KB

      • memory/1652-62-0x0000000000400000-0x000000000048B000-memory.dmp

        Filesize

        556KB

      • memory/1732-55-0x0000000000000000-mapping.dmp

      • memory/1732-61-0x0000000000400000-0x000000000048B000-memory.dmp

        Filesize

        556KB

      • memory/1732-63-0x0000000000400000-0x000000000048B000-memory.dmp

        Filesize

        556KB