Overview

overview

1

Static

static

0b2a08a49f...d7.exe

windows7-x64

1

0b2a08a49f...d7.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    84s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 06:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b2a08a49ffece53f7caaf84ab569f5c8c62a9dae92317d678ff557168511fd7.exe

  • Size

    117KB

  • MD5

    08b69e2a2da3a8ad533e796c5f3cb480

  • SHA1

    9508e2ce2ee2860c263607c4f9ef067e992588ef

  • SHA256

    0b2a08a49ffece53f7caaf84ab569f5c8c62a9dae92317d678ff557168511fd7

  • SHA512

    86f8282f32d834768a9d3089915c2477ef533234de943ded434d5f095a49b96defe1f71cfa17dba10e05b1864d225d7ece736a526e09f54b790c660005adcd71

  • SSDEEP

    3072:rlsrRNBopg3YYmrl4d3w3K5gaDbUlm6W:8Cg3lmedAa5bUl

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b2a08a49ffece53f7caaf84ab569f5c8c62a9dae92317d678ff557168511fd7.exe
    "C:\Users\Admin\AppData\Local\Temp\0b2a08a49ffece53f7caaf84ab569f5c8c62a9dae92317d678ff557168511fd7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Users\Admin\AppData\Local\Temp\0b2a08a49ffece53f7caaf84ab569f5c8c62a9dae92317d678ff557168511fd7.exe
      C:\Users\Admin\AppData\Local\Temp\0b2a08a49ffece53f" 48
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1188-54-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1408-57-0x0000000010000000-0x000000001000D000-memory.dmp

    Filesize

    52KB

    Download