54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09

Analysis

max time kernel
25s
max time network
70s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
Size

524KB
MD5

4551a74520551897901cc1b307ea19c5
SHA1

a0bf693fc2b90ec3a3100895e3eee0a9a7919c96
SHA256

54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09
SHA512

94081bfba625a048ac57ef391a84cdd5c08ab18a182edbe503cf461d3cb9c81c2b0903d439be131f67baf0529954fd2f67a33fc6ceaa38de904f3c267327ed75
SSDEEP

12288:cFAICHLdr+nZMwEXnWv4bON/uL63PTb/g0OJp/BbX:NqZ2GOy/uE/Qfpj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe

description	pid	process	target process
PID 1776 wrote to memory of 936	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 936	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 936	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 936	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 936	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 936	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 936	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 776	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 776	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 776	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 776	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 776	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 776	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
PID 1776 wrote to memory of 776	1776	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe	54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe

C:\Users\Admin\AppData\Local\Temp\54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
"C:\Users\Admin\AppData\Local\Temp\54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1776

C:\Users\Admin\AppData\Local\Temp\54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
start
2⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\54c109ac58e412609a7d21460cd64e9f22dc0ce5ddba17b8808c07289c995e09.exe
watch
2⤵
PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-55-0x0000000000000000-mapping.dmp

Download
memory/776-61-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/776-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/776-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/936-56-0x0000000000000000-mapping.dmp

Download
memory/936-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/936-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/936-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1776-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1776-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download