Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 27/11/2022, 10:44 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe
- Resource: win10v2004-20220812-en
General
- Target: 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe
- Size: 73KB
- MD5: 70a618bd04328bbb110d1208962a99e7
- SHA1: b25e030bf9f80748201f522e7aff4320d182045e
- SHA256: 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e
- SHA512: 86386aba85fd4037497c23954b447795a86399b121c938dd62ee3b00ad0df2201502c10e6f0240b52168b1c8c3baa0dfd5a332b3cefb1dd95540d23a1220ec64
- SSDEEP: 768:/0l6fk0Ykrxxrzh904BPk3yeDjzexnQi2/jcpVA3B6UX:Ml6rxrxxrT04u+xnQlwpS3B6g
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1676 wrote to memory of 1204 | 1676 | 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe | 28
  PID 1676 wrote to memory of 1204 | 1676 | 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe | 28
  PID 1676 wrote to memory of 1204 | 1676 | 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe | 28
  PID 1676 wrote to memory of 1204 | 1676 | 27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\27270ac73a4646bb6856fef535f555d6193fc763e90326c5c65aa48ae2b9f67e.exe"
  PID: 1676
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    Command line: dw20.exe -x -s 412
    PID: 1204