22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d

Analysis

max time kernel
41s
max time network
72s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
Size

522KB
MD5

a3815be1cb161bed00098bb5a4daaaf3
SHA1

4d993b6639c3bf5391ce52271102841edbfae445
SHA256

22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d
SHA512

a07a11c18edbc1d24393a4bbab2a48bea1fcfc4bcf68e65500320fd2bbd8a63ddcb031a14f2401f8777b5c8e431a2d993384131295d11ee4330885f5558ed487
SSDEEP

12288:xS6I/VF6UQdxWH3TxBepRy18xQqpx8O5ju:4Zo84atqpx8l

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe

description	pid	process	target process
PID 2040 wrote to memory of 2016	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 2016	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 2016	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 2016	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 2016	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 2016	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 2016	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 1320	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 1320	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 1320	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 1320	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 1320	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 1320	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
PID 2040 wrote to memory of 1320	2040	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe	22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe

C:\Users\Admin\AppData\Local\Temp\22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
"C:\Users\Admin\AppData\Local\Temp\22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040

C:\Users\Admin\AppData\Local\Temp\22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
start
2⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\22c794b95027c9ca72c874797b6563628af5e3a152555fbf0159129717a94c0d.exe
watch
2⤵
PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1320-59-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1320-68-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1320-56-0x0000000000000000-mapping.dmp

Download
memory/1320-65-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/1320-63-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2016-57-0x0000000000000000-mapping.dmp

Download
memory/2016-60-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2016-64-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2016-66-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2016-67-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2040-58-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2040-54-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2040-55-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download