3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227

Analysis

max time kernel
41s
max time network
86s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
Size

518KB
MD5

089406afb9553708cd45a0825224c7d4
SHA1

f645f82c93b18b8be68f8ce85eb1784759e81b7d
SHA256

3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227
SHA512

ad8c60d3fde2d22a1bae1adb90b770370847fb23ac74cf07d9eec95ee4a76b823c094afe58ddd4c315a24ce47c787a1795641cebf38827ab2b5f1b15dc947b46
SSDEEP

12288:L3g9vTtpge1ATDBcQw33QwPUjASES/ya+WJPwTOEw/1:L3OTtpd1AXBcPPuAsz+OPwTvw/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe

description	pid	process	target process
PID 1252 wrote to memory of 2032	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 2032	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 2032	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 2032	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 2032	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 2032	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 2032	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 1372	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 1372	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 1372	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 1372	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 1372	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 1372	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
PID 1252 wrote to memory of 1372	1252	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe	3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe

C:\Users\Admin\AppData\Local\Temp\3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
"C:\Users\Admin\AppData\Local\Temp\3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252

C:\Users\Admin\AppData\Local\Temp\3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
start
2⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\3728f3b15549a551b4c4c5008692e30baa30f562fabbf80b8df48922ef8f0227.exe
watch
2⤵
PID:1372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1252-54-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download
memory/1252-59-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1372-55-0x0000000000000000-mapping.dmp

Download
memory/1372-60-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1372-63-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2032-56-0x0000000000000000-mapping.dmp

Download
memory/2032-61-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2032-62-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download