ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30

Analysis

max time kernel
171s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe
Size

39KB
MD5

3830687482615a7de2084120fc9e40a2
SHA1

af442eb878a74a66769869f6c8c290bb9e31f28b
SHA256

ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30
SHA512

7c6960504f00a56bf7542ad6878d6d5d3f8ba1684413a7883721b68db262d7caa53e879c5707528bd449b7b886fcba424ef6519d518adae402701427ed5d5c15
SSDEEP

768:menRNpISHSQp8q5G7OjlNc1BsU2HtzA0sSzoPKz951MD7Ye3rEOc:9H/TpFG7OjlNcvsUWtzJsXW951C7YebE

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
448	240587968.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 448	2352	ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe	83
PID 2352 wrote to memory of 448	2352	ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe	83
PID 2352 wrote to memory of 448	2352	ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe	83
PID 2352 wrote to memory of 1800	2352	ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe	84
PID 2352 wrote to memory of 1800	2352	ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe	84
PID 2352 wrote to memory of 1800	2352	ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe	84

C:\Users\Admin\AppData\Local\Temp\ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe
"C:\Users\Admin\AppData\Local\Temp\ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Users\Admin\AppData\Local\Temp\240587968.exe
  C:\Users\Admin\AppData\Local\Temp\\240587968.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0e1705ca.bat" "C:\Users\Admin\AppData\Local\Temp\ff9ccdf23a782f4f473848cc2fcdbf90bdc114e848d5a15befe1f316a100ed30.exe""
  2⤵
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0e1705ca.bat

Filesize
38B

MD5
e814208df58ba7afda78819c96fcd164

SHA1
60778e83d11c3c3fba0b2efe6c4deac95a9a3954

SHA256
ea66d9bbb20c62f0781f414cf4d2fc547cd9540816726340ee6203552d23b0ee

SHA512
f69baa4dd6f373141bf8c495aae01442ab969ff33a24006d0a9186c1baa951f25f7727e2250bfe1ef8b3df2a0c1aca182fa909248eac73db9ef69111c9a9feb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\240587968.exe

Filesize
36KB

MD5
57e06a62147e38cf3b0781e1463de794

SHA1
022b93cd559ac9965b4bbd86087963d5f9b056d1

SHA256
6feffc8ff8dc17f6864f361c7dd012ef3525cd16f57f2a158cbef91535609426

SHA512
884caf47b3c1e7e500117d41748652d46b07cf4b632c2452e49006edcb0840f9073adc15fe76a64d1d0e2db8bad8c1343493dac4e35195398ea56cecd506e505

Download Submit
C:\Users\Admin\AppData\Local\Temp\240587968.exe

Filesize
36KB

MD5
57e06a62147e38cf3b0781e1463de794

SHA1
022b93cd559ac9965b4bbd86087963d5f9b056d1

SHA256
6feffc8ff8dc17f6864f361c7dd012ef3525cd16f57f2a158cbef91535609426

SHA512
884caf47b3c1e7e500117d41748652d46b07cf4b632c2452e49006edcb0840f9073adc15fe76a64d1d0e2db8bad8c1343493dac4e35195398ea56cecd506e505

Download Submit
memory/448-132-0x0000000000000000-mapping.dmp

Download
memory/448-136-0x0000000034210000-0x0000000034221000-memory.dmp

Filesize
68KB

Download
memory/448-140-0x0000000034210000-0x0000000034221000-memory.dmp

Filesize
68KB

Download
memory/448-142-0x0000000034210000-0x0000000034221000-memory.dmp

Filesize
68KB

Download
memory/1800-135-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads