Analysis
max time kernel: 41s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 23-11-2022 13:37
Static task: static1
Behavioral task: behavioral1
Sample: 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
Resource: win10v2004-20220812-en
General
Target: 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
Size: 524KB
MD5: 155f7bad3a8858072b6562941d30e171
SHA1: 45d6d54fc903183c1b703e7449d98b50a1152329
SHA256: 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591
SHA512: 524edc1009d7437f2ccb3a8bbce33b7c75e78a48552b7df455d2aa18f460aa1b74153fa8611faedd3ac9584bb682fd01c24154d758e5430e444e10eff46cac35
SSDEEP: 12288:XK6TaHqacpjhsC0VEVzvBVKXCuapzDBG:NmipWXVEVzvSXCXD
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
description | pid | process | target process
PID 1784 wrote to memory of 1944 | 1784 | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
PID 1784 wrote to memory of 1944 | 1784 | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
PID 1784 wrote to memory of 1944 | 1784 | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
PID 1784 wrote to memory of 1944 | 1784 | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe | 9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
"C:\Users\Admin\AppData\Local\Temp\9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
C:\Users\Admin\AppData\Local\Temp\9511f8fe77e7fbe5bd83826d8df937613c34effe1047b46fa3578f54edc22591.exe
tear
2⤵ PID:1944
Network
MITRE ATT&CK Matrix
Downloads
memory/1784-54-0x00000000753C1000-0x00000000753C3000-memory.dmp (Filesize: 8KB)
memory/1784-56-0x0000000000400000-0x000000000048E000-memory.dmp (Filesize: 568KB)
memory/1944-55-0x0000000000000000-mapping.dmp
memory/1944-57-0x0000000000400000-0x000000000048E000-memory.dmp (Filesize: 568KB)
memory/1944-59-0x0000000000400000-0x000000000048E000-memory.dmp (Filesize: 568KB)
memory/1944-60-0x0000000000400000-0x000000000048E000-memory.dmp (Filesize: 568KB)