5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f

Analysis

max time kernel
62s
max time network
93s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
Size

522KB
MD5

7480082b72a71203c50005bc8b12c028
SHA1

b8e4d4de9dc37e7ea7a2378e579feb710c12bee4
SHA256

5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f
SHA512

549a8a9b0b150df67aaa4154909517a8b9e5f236c002affaea959e330e54df8d2d0510f096e2e62150ad578dc6fc456b8f69a399540c60bae32970008f04404d
SSDEEP

6144:J/f2QHxAscSQjdsyBsb4kG1p6QPiMNHZY4oFBku8gQ95mQy1CrxQqD9RSaSz+8O1:E7NSQjdsyX1ykuyy18xQqpx8O5j

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe

description	pid	process	target process
PID 1736 wrote to memory of 1032	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1032	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1032	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1032	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1032	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1032	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1032	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1056	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1056	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1056	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1056	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1056	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1056	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
PID 1736 wrote to memory of 1056	1736	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe	5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe

C:\Users\Admin\AppData\Local\Temp\5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
"C:\Users\Admin\AppData\Local\Temp\5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
  start
  2⤵
  PID:1032
- C:\Users\Admin\AppData\Local\Temp\5a4fea89934fa90efc0afd8feccfd5bc534fcddabca4062ff37c1fb68ed5f26f.exe
  watch
  2⤵
  PID:1056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-61-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1032-68-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1032-67-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1032-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1032-58-0x0000000000000000-mapping.dmp

Download
memory/1056-57-0x0000000000000000-mapping.dmp

Download
memory/1056-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1056-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1056-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1056-69-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1736-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1736-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1736-56-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1736-55-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download