f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3

Analysis

max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 14:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe
Size

493KB
MD5

0e50b1d10aa9b5be8ec9fe8f2a6515ba
SHA1

7af062fe69b99b4b508d8dc7c5aac89c9f6b5768
SHA256

f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3
SHA512

cf4ceddc21ae7f5fca2673276010af27f5006324560dfb47d584d9aec0829a8f0eb8d3023ed8ec236a1c03375711ea720890b641504e82f4e982c5ed74a677b8
SSDEEP

12288:DLRP4gEWprJCVYGGCsH9/iKpxGLUPEEMy:PR5E0r8SGc9acG4Mny

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1768	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	27
PID 1204 wrote to memory of 1768	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	27
PID 1204 wrote to memory of 1768	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	27
PID 1204 wrote to memory of 1768	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	27
PID 1204 wrote to memory of 1768	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	27
PID 1204 wrote to memory of 1768	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	27
PID 1204 wrote to memory of 1768	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	27
PID 1204 wrote to memory of 844	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	28
PID 1204 wrote to memory of 844	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	28
PID 1204 wrote to memory of 844	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	28
PID 1204 wrote to memory of 844	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	28
PID 1204 wrote to memory of 844	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	28
PID 1204 wrote to memory of 844	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	28
PID 1204 wrote to memory of 844	1204	f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe	28

C:\Users\Admin\AppData\Local\Temp\f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe
"C:\Users\Admin\AppData\Local\Temp\f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Users\Admin\AppData\Local\Temp\f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe
  start
  2⤵
  PID:1768
- C:\Users\Admin\AppData\Local\Temp\f4b5b61fe91a1a60fc8bc801c7fcdf9e9272fa82d068e1dd3058b3abaab2d7b3.exe
  watch
  2⤵
  PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/844-62-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/844-64-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/1204-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/1204-55-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/1204-60-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/1768-61-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/1768-63-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads