Analysis
max time kernel: 143s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-11-2022 12:14
Static task: static1

Behavioral task: behavioral1
Sample: 76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe
Resource: win10v2004-20220901-en
General
Target: 76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe
Size: 620KB
MD5: 00993736117148d1582213b715fe9840
SHA1: 4492c2a1631e506d6cf36766fe82bb14be0039cf
SHA256: 76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482
SHA512: d7ac82ac4f235bd1adf9a95d42ac27e86df4cae54f965535f678449ee5fbf3e6a0baeae07f35d142d0a0a4778e2a402868cd295e0549158af461eb2ebea1962d
SSDEEP: 3072:ZUWVRWSq4m1eKcdOjO5OKUw7V89wmnfLSUkYhk9s42TqbVKuh+DEOXpq0q3/5ZV:rRWSqVEUzRnfLSokPvVADEO8TB
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4844 wrote to memory of 1468 | 4844 | 76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe | 81
PID 4844 wrote to memory of 1468 | 4844 | 76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe | 81
PID 4844 wrote to memory of 1468 | 4844 | 76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe | 81
Processes
C:\Users\Admin\AppData\Local\Temp\76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe
"C:\Users\Admin\AppData\Local\Temp\76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe"
- Suspicious use of WriteProcessMemory
PID: 4844
    \??\c:\users\admin\appdata\local\temp\76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe
    "c:\users\admin\appdata\local\temp\76079eb17d247dccde6071529c2e10a645cc14f563cec051f4998318d0e82482.exe"war3.exe"
    PID: 1468