56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
Size

522KB
MD5

45fb732fdf80a70212d2922614eb0d9c
SHA1

13d2c7c913c1e282857fe804f2872f9593d49598
SHA256

56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c
SHA512

224c9ee1e6ba93afbc565c196592cca0a77de2ef45b14438d4fe1ad7735a8320d45f3144550b618882a5b5c2002ca58d0ab0f61b757257463ddce30179393567
SSDEEP

6144:uk/Ak+GUKZhKZheLRyKoui0l4rX2p0xuATStmQy1CrxQqD9RSaSz+8O5NA:DlfhGqR8uXEedy18xQqpx8O5N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe

description	pid	process	target process
PID 1372 wrote to memory of 2044	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 2044	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 2044	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 2044	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 2044	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 2044	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 2044	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 1600	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 1600	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 1600	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 1600	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 1600	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 1600	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
PID 1372 wrote to memory of 1600	1372	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe	56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe

C:\Users\Admin\AppData\Local\Temp\56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
"C:\Users\Admin\AppData\Local\Temp\56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Users\Admin\AppData\Local\Temp\56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
  start
  2⤵
  PID:2044
- C:\Users\Admin\AppData\Local\Temp\56f9c5e3ffa447d397739ae3b98b96a67f159fee950bef7445eba783dbfc251c.exe
  watch
  2⤵
  PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1372-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1372-55-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download
memory/1372-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1600-56-0x0000000000000000-mapping.dmp

Download
memory/1600-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1600-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1600-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2044-57-0x0000000000000000-mapping.dmp

Download
memory/2044-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2044-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2044-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download