37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
Size

522KB
MD5

61a09575dc03e0fad106abda3fddefc9
SHA1

6585a8db61d12e15e04ee051dd577e349003deb2
SHA256

37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1
SHA512

41e30f987af5d3ef897dbe7ac0eb65044afdac912fc9f4751acc563378309ed29d844e878472416eea076dce15bef646390224e48e3be8d559285a7253ae8253
SSDEEP

12288:/p/MushTwin8MFGE61y18xQqpx8O5426C:/yuO8jEMatqpx82

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe

description	pid	process	target process
PID 1204 wrote to memory of 1768	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 1768	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 1768	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 1768	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 1768	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 1768	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 1768	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 840	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 840	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 840	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 840	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 840	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 840	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
PID 1204 wrote to memory of 840	1204	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe	37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe

C:\Users\Admin\AppData\Local\Temp\37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
"C:\Users\Admin\AppData\Local\Temp\37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204

C:\Users\Admin\AppData\Local\Temp\37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
start
2⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\37e3fa556471c8ffbfa4530e3ab7c1fd8ed8a7ec3161c4a2e77c33d830951aa1.exe
watch
2⤵
PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/840-56-0x0000000000000000-mapping.dmp

Download
memory/840-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/840-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/840-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1204-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1204-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/1204-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1768-57-0x0000000000000000-mapping.dmp

Download
memory/1768-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1768-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1768-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download