Analysis
-
max time kernel
141s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system -
submitted
23-11-2022 15:53
Static task
static1
Behavioral task
behavioral1
Sample
ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe
Resource
win10v2004-20220812-en
General
-
Target
ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe
-
Size
637KB
-
MD5
24c87d15d3655c8efdf3b0bcc8ad8c43
-
SHA1
dc3d8efe0eba85c8f2a7dd7259fca6d1420f1ebd
-
SHA256
ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977
-
SHA512
3b7b0fa8a390f0d35f96729dc7cc7c248624a78c83ac40bf7b651b65205d03438c15856cee58c3e49051f7c28b2ed803dcd0919208aecf00d242693955fe157b
-
SSDEEP
12288:qVd802EFXB2l4qIVm/hmx6dX1Yit4bCDPwrIuZAoXQna/KXpSH8qP2G3AHSXkG:s831IVm/hbX1Yit4b3dZAoXQnxwH8qe8
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid  process
764  dw20.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description | pid | process | target process
PID 1416 wrote to memory of 764 | 1416 | ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe | dw20.exe
PID 1416 wrote to memory of 764 | 1416 | ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe | dw20.exe
PID 1416 wrote to memory of 764 | 1416 | ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe | dw20.exe
PID 1416 wrote to memory of 764 | 1416 | ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe | dw20.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\ceef94b0ad6d02fbdc90067c34cbff4c20b22ee4158969228867dd5f05265977.exe" 1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Command line: dw20.exe -x -s 436 2⤵
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Downloads
-
memory/764-56-0x0000000000000000-mapping.dmp
-
memory/1416-54-0x0000000075F01000-0x0000000075F03000-memory.dmp (Filesize 8KB)
-
memory/1416-55-0x0000000074960000-0x0000000074F0B000-memory.dmp (Filesize 5.7MB)
-
memory/1416-58-0x0000000074960000-0x0000000074F0B000-memory.dmp (Filesize 5.7MB)