Overview

overview

1

Static

static

53d7984e81...db.exe

windows7-x64

1

53d7984e81...db.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    40s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53d7984e8151340ea51959e04d4de5c9eef8162cbd5fb280b260549f52113adb.exe

  • Size

    8KB

  • MD5

    ca48b3c5ac628a0a8b882a1828bbe147

  • SHA1

    6337012220591c8ea2f95368370aac01d4dda6cd

  • SHA256

    53d7984e8151340ea51959e04d4de5c9eef8162cbd5fb280b260549f52113adb

  • SHA512

    f01992f896d1f72a853a7ff55427d3266424cae25228db9ea6576de78e6e1a2d0a28955041209926a3f84c51cb13124062f111436a597567bad0988914f7a081

  • SSDEEP

    96:2GxDY8dSsD1qVLHcaLFI1mhpC4zAjGhLz8F4an7rZMZ/8aHgGMyZzNt:7Ym7cLFIcLLzNhLoF4anfZKEK

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53d7984e8151340ea51959e04d4de5c9eef8162cbd5fb280b260549f52113adb.exe
    "C:\Users\Admin\AppData\Local\Temp\53d7984e8151340ea51959e04d4de5c9eef8162cbd5fb280b260549f52113adb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 948
      2⤵
        PID:1488

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1232-54-0x0000000075C31000-0x0000000075C33000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1232-55-0x0000000074870000-0x0000000074E1B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1232-57-0x0000000074870000-0x0000000074E1B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1488-56-0x0000000000000000-mapping.dmp

      Download