Analysis

max time kernel: 230s
max time network: 336s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 06-12-2022 09:57
Static task: static1

Behavioral task: behavioral1
  Sample: 615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: 615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe
  Resource: win10v2004-20220901-en
General

Target: 615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe
Size: 133KB
MD5: 5d356602f5ae14038f2c002225f37262
SHA1: 0cb9a09647ae41659adff7f3d52e975cce9c8b32
SHA256: 615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3
SHA512: 16cfd32ca2277c6d50df3c8b49974695621b6a91fc1507d78e46b59f3746202b08139fc572500891c14861ec70d539c0025ccceb6e92892f48efaab52ecc366c
SSDEEP: 3072:gV3po8E8Q0BxoifphYSoA0Gbhbhi6qiUDm/f:orQIpDY5A0Gbvi6q/DC
Malware Config

Signatures

YARA matches (resource / yara_rule):
  behavioral1/memory/1028-57-0x0000000010000000-0x000000001000F000-memory.dmp  upx
  behavioral1/memory/1028-61-0x0000000010000000-0x000000001000F000-memory.dmp  upx
  behavioral1/memory/1028-60-0x0000000010000000-0x000000001000F000-memory.dmp  upx
  behavioral1/memory/1028-63-0x0000000010000000-0x000000001000F000-memory.dmp  upx

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid   Process
  1028  615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                   pid  Process                                                                   procid_target
  PID 896 wrote to memory of 1028  896  615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe  28
  PID 896 wrote to memory of 1028  896  615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe  28
  PID 896 wrote to memory of 1028  896  615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe  28
  PID 896 wrote to memory of 1028  896  615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe"
   - Suspicious use of WriteProcessMemory
   - PID: 896

   2. C:\Users\Admin\AppData\Local\Temp\615bc48c1113568de7374c4e1348d0547b307e04a7cfe403bb84acb08f3d63a3.exe (child of PID 896)
      - Suspicious behavior: GetForegroundWindowSpam
      - PID: 1028