d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe
Size

57KB
MD5

30b80f5f0124626810ea32f62f5622db
SHA1

32cd5cbe57f3d6dd0452d553e3365c74c64587c2
SHA256

d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48
SHA512

7df5c49a66d9c607d83b6049f51b6c2e7923fbc3844196b33537c297309a8f2f231d3741d2d43853f0e86dcf715276bd6334c3c1eb9cd9d3137a24043f335182
SSDEEP

1536:sdwMGWez2yTFAWHwabD5P9n55f6oMGMGHX:s2MGWpyXwaXnDf6s

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1104	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1732	cmd.exe
1732	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1732	1196	d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe	28
PID 1196 wrote to memory of 1732	1196	d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe	28
PID 1196 wrote to memory of 1732	1196	d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe	28
PID 1196 wrote to memory of 1732	1196	d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe	28
PID 1732 wrote to memory of 1104	1732	cmd.exe	29
PID 1732 wrote to memory of 1104	1732	cmd.exe	29
PID 1732 wrote to memory of 1104	1732	cmd.exe	29
PID 1732 wrote to memory of 1104	1732	cmd.exe	29

C:\Users\Admin\AppData\Local\Temp\d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe
"C:\Users\Admin\AppData\Local\Temp\d1983d18ff16668536a9306afe8981dba754fe52b896a7cbe88269ec727c2b48.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
57KB

MD5
bd05707a07c7262002ab9c8bd7dff10e

SHA1
6baf73a3be1f6fe603d873e271ef38869801d43b

SHA256
b69d18e5a0f3523cc2d25be95ebe9e1598785cdafe442863ae17e7dbeb702ecb

SHA512
6d751cec18f1db74e794efe6dad4c378bcb3de6a8911ea6c057fb8d9b98b166e952f7143c6b6b6e16ae65ea20f8c0055d0366d1c8ab1dd7820b158e803c2f9dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
57KB

MD5
bd05707a07c7262002ab9c8bd7dff10e

SHA1
6baf73a3be1f6fe603d873e271ef38869801d43b

SHA256
b69d18e5a0f3523cc2d25be95ebe9e1598785cdafe442863ae17e7dbeb702ecb

SHA512
6d751cec18f1db74e794efe6dad4c378bcb3de6a8911ea6c057fb8d9b98b166e952f7143c6b6b6e16ae65ea20f8c0055d0366d1c8ab1dd7820b158e803c2f9dd

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
57KB

MD5
bd05707a07c7262002ab9c8bd7dff10e

SHA1
6baf73a3be1f6fe603d873e271ef38869801d43b

SHA256
b69d18e5a0f3523cc2d25be95ebe9e1598785cdafe442863ae17e7dbeb702ecb

SHA512
6d751cec18f1db74e794efe6dad4c378bcb3de6a8911ea6c057fb8d9b98b166e952f7143c6b6b6e16ae65ea20f8c0055d0366d1c8ab1dd7820b158e803c2f9dd

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
57KB

MD5
bd05707a07c7262002ab9c8bd7dff10e

SHA1
6baf73a3be1f6fe603d873e271ef38869801d43b

SHA256
b69d18e5a0f3523cc2d25be95ebe9e1598785cdafe442863ae17e7dbeb702ecb

SHA512
6d751cec18f1db74e794efe6dad4c378bcb3de6a8911ea6c057fb8d9b98b166e952f7143c6b6b6e16ae65ea20f8c0055d0366d1c8ab1dd7820b158e803c2f9dd

Download Submit
memory/1104-58-0x0000000000000000-mapping.dmp

Download
memory/1732-54-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads