Analysis
max time kernel: 46s
max time network: 50s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 24-11-2022 07:44
Static task: static1
Behavioral task: behavioral1
Sample: 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
Resource: win10v2004-20220901-en
General
Target: 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
Size: 547KB
MD5: df5002b143bd7a4630eaf678a5cb9ea4
SHA1: 8d21dacc12976fb9fb1bc2de7a1e71ebfee16c36
SHA256: 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c
SHA512: b3b1cc0bd1ecb56fd47c6e52fb4434900e1cb8720d69e6b34e98715e1643f804565608a12b33e00f2f6b725f0d1effbbcf1dfd752c2db6ac70b50e54ef9eaab1
SSDEEP: 12288:SIMpMHh1OdD65VMN5YMdhwJ8dW58qjn3j:vDh1O4VM3YMdhwGdWf3j
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (8 IoCs)
Processes: 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
description | pid | process | target process
PID 1600 wrote to memory of 1352 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
PID 1600 wrote to memory of 1352 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
PID 1600 wrote to memory of 1352 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
PID 1600 wrote to memory of 1352 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
PID 1600 wrote to memory of 1420 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
PID 1600 wrote to memory of 1420 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
PID 1600 wrote to memory of 1420 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
PID 1600 wrote to memory of 1420 | 1600 | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe | 6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe
  "C:\Users\Admin\AppData\Local\Temp\6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe"
  - Suspicious use of WriteProcessMemory
  PID:1600
  - C:\Users\Admin\AppData\Local\Temp\6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe start
    PID:1352
  - C:\Users\Admin\AppData\Local\Temp\6a0518f244f08fbccf6320bc56d45e4274614145b7ba10c4cc70a6a5c3883d8c.exe watch
    PID:1420