Overview

overview

1

Static

static

26119ccb5f...ea.exe

windows7-x64

1

26119ccb5f...ea.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 07:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26119ccb5f8e27f0cd140ee3fcecc6a00d4f53c1126fbc9bbe86099b10c061ea.exe

  • Size

    522KB

  • MD5

    3163a9dd199e3e71c9a91fff15fbc6f2

  • SHA1

    4261858288c605bc10e68d411afbeb21e36f485b

  • SHA256

    26119ccb5f8e27f0cd140ee3fcecc6a00d4f53c1126fbc9bbe86099b10c061ea

  • SHA512

    bac0680666f74ad04d58e01897a8bbbc7c96d244aeaab3d71e21146a4db3dc824698984678f051327fc600258e8231eb63d60503c33ce10b2ce74f7338eb53cc

  • SSDEEP

    12288:qZUOuVBBXhziGRZm4c9y18xQqpx8O5kn:qeOkBXhzbSHatqpx8D

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26119ccb5f8e27f0cd140ee3fcecc6a00d4f53c1126fbc9bbe86099b10c061ea.exe
    "C:\Users\Admin\AppData\Local\Temp\26119ccb5f8e27f0cd140ee3fcecc6a00d4f53c1126fbc9bbe86099b10c061ea.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Users\Admin\AppData\Local\Temp\26119ccb5f8e27f0cd140ee3fcecc6a00d4f53c1126fbc9bbe86099b10c061ea.exe
      start
      2⤵
        PID:1104
      • C:\Users\Admin\AppData\Local\Temp\26119ccb5f8e27f0cd140ee3fcecc6a00d4f53c1126fbc9bbe86099b10c061ea.exe
        watch
        2⤵
          PID:2044

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1056-54-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1056-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1056-58-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1104-57-0x0000000000000000-mapping.dmp

        Download

      • memory/1104-60-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1104-63-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/1104-65-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2044-56-0x0000000000000000-mapping.dmp

        Download

      • memory/2044-59-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2044-64-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download

      • memory/2044-66-0x0000000000400000-0x000000000048C000-memory.dmp

        Filesize

        560KB

        Download