Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 14:30
Static task: static1
Behavioral task: behavioral1
  Sample: 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
  Resource: win10v2004-20220901-en
General
Target: 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
Size: 518KB
MD5: 950e0a53dded9765aea15995f74f6d29
SHA1: 42459175c8880d7b9c2077cf5e395277a3c03b02
SHA256: 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd
SHA512: 9b2afc2ff8098acf6dd2fac202fc142656f537595c0b0438681ab8633d331d0eda07520be4b837619f60db59615480db0a83f860063dc8ad0c09689b800d4b98
SSDEEP: 12288:x8ODTXqw/EXY9iwwPUjASES/ya+WJPwTOEi/lP:xT6c3knPuAsz+OPwTvi/l
Malware Config
Signatures
Suspicious use of WriteProcessMemory (14 IoCs)
Processes:
description | pid | process | target process
PID 1956 wrote to memory of 1076 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1076 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1076 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1076 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1076 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1076 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1076 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1756 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1756 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1756 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1756 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1756 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1756 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
PID 1956 wrote to memory of 1756 | 1956 | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe | 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe"
   PID: 1956
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
      Command line: 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe start
      PID: 1076
   2. C:\Users\Admin\AppData\Local\Temp\41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe
      Command line: 41489a0396bbe2f3c9a59c8ec62206c84468a9f3d494b801d8ae2fa5601228fd.exe watch
      PID: 1756
Network
MITRE ATT&CK Matrix
Downloads
memory/1076-56-0x0000000000000000-mapping.dmp
memory/1076-61-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
memory/1076-62-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
memory/1756-55-0x0000000000000000-mapping.dmp
memory/1756-60-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
memory/1756-63-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)
memory/1956-54-0x0000000075141000-0x0000000075143000-memory.dmp (Filesize: 8KB)
memory/1956-59-0x0000000000400000-0x000000000048B000-memory.dmp (Filesize: 556KB)