5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9

Analysis

max time kernel
28s
max time network
61s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
Size

522KB
MD5

f8e72d2943554ed040e5e90afa299dc6
SHA1

3ad7adbcd966f63136a1814c910fb857f78d7ce1
SHA256

5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9
SHA512

5c75891ad7d907d66bb2b09565f3af0d95583ce5ac541ed4f6544cadda75b9850667e39d21ec1d5a342d887467a72f5c07c8b36614cfac891ffda86fc9725f04
SSDEEP

6144:MJOYRGWXOhQKog6JesF+OxO3Eymq22p6/S8gFQHno6nmQy1CrxQqD9RSaSz+8O5X:78feqS6Jeppmfa+ry18xQqpx8O5ocYL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe

description	pid	process	target process
PID 1376 wrote to memory of 1488	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1488	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1488	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1488	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1488	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1488	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1488	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1892	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1892	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1892	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1892	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1892	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1892	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
PID 1376 wrote to memory of 1892	1376	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe	5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe

C:\Users\Admin\AppData\Local\Temp\5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
"C:\Users\Admin\AppData\Local\Temp\5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376

C:\Users\Admin\AppData\Local\Temp\5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
start
2⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\5dfa7f153542a9921fb255efcfbc915d475e4ad92b7a5d1452557c14d45f01f9.exe
watch
2⤵
PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1376-55-0x0000000075921000-0x0000000075923000-memory.dmp

Filesize
8KB

Download
memory/1376-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1488-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1488-57-0x0000000000000000-mapping.dmp

Download
memory/1488-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1488-62-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1488-67-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1892-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1892-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1892-56-0x0000000000000000-mapping.dmp

Download
memory/1892-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1892-68-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download