Analysis
max time kernel
94s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted
06/12/2022, 08:25
Static task
static1
Behavioral task
behavioral1
Sample
b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe
Resource
win10v2004-20220812-en
General
Target
b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe
Size
133KB
MD5
773b5a10cbcd01abdd9be9e2f629bad4
SHA1
e71339ae1e177deee594f54e85fcd0e532969b16
SHA256
b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01
SHA512
c98f54baaf71961535cb6c391cc37285b97793d7bb657732b399849eb25cff4f1ddb99cc9f9ac337ece6eb315e5a43563e8a6c4e0eeb672c69f1adeb9ad96e5a
SSDEEP
3072:AV3poov8zp62jYwr/9MifphYSoA0GbhbhiwqiUDf/y:hd62cADDY5A0Gbviwq/Di
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/4064-135-0x0000000010000000-0x000000001000F000-memory.dmp | upx
behavioral2/memory/4064-139-0x0000000010000000-0x000000001000F000-memory.dmp | upx
behavioral2/memory/4064-138-0x0000000010000000-0x000000001000F000-memory.dmp | upx
behavioral2/memory/4064-141-0x0000000010000000-0x000000001000F000-memory.dmp | upx
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3068 wrote to memory of 4064 | 3068 | b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe | 78
PID 3068 wrote to memory of 4064 | 3068 | b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe | 78
PID 3068 wrote to memory of 4064 | 3068 | b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe | 78
Processes
C:\Users\Admin\AppData\Local\Temp\b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe
"C:\Users\Admin\AppData\Local\Temp\b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe"
- Suspicious use of WriteProcessMemory
PID:3068
  C:\Users\Admin\AppData\Local\Temp\b8cc60cf3bc76d3cbc8731d7d02cf7661469af609a4d0fd97fab6a5fc4922b01.exe?
  PID:4064