8b9242cdae9f1f916e026e7e09620a4f1cfd702caad9312dcd8c60c7921ed30d

Resubmissions

12/01/2023, 21:43

230112-1k14vsbc62 1

12/01/2023, 21:26

230112-z95mxaeg2s 1

Analysis

max time kernel
597s
max time network
428s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12/01/2023, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

onlinedrive.exe
Size

377KB
MD5

cf16b73c4bc8b0b3169def3145515c51
SHA1

d96122f40c613ec7569b0afa431670827b2b20f2
SHA256

8b9242cdae9f1f916e026e7e09620a4f1cfd702caad9312dcd8c60c7921ed30d
SHA512

b09080e5afd57afcbd78dde9ef707f7afb74afd04515d800b5e2e0f7832755131a1c1b7a1f32383e569c9945ffd7b73f9b4c44d9c3894e78093a3cb751310c8f
SSDEEP

6144:RZzN/DXrMBfOxw4do6fmdrb3JjvYF0loyZ:RZ1r4szdogmBRvYF0loyZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 50 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 3816	1776	onlinedrive.exe	66
PID 1776 wrote to memory of 3816	1776	onlinedrive.exe	66
PID 1776 wrote to memory of 4372	1776	onlinedrive.exe	68
PID 1776 wrote to memory of 4372	1776	onlinedrive.exe	68
PID 1776 wrote to memory of 360	1776	onlinedrive.exe	70
PID 1776 wrote to memory of 360	1776	onlinedrive.exe	70
PID 1776 wrote to memory of 4756	1776	onlinedrive.exe	72
PID 1776 wrote to memory of 4756	1776	onlinedrive.exe	72
PID 1776 wrote to memory of 4808	1776	onlinedrive.exe	74
PID 1776 wrote to memory of 4808	1776	onlinedrive.exe	74
PID 1776 wrote to memory of 4840	1776	onlinedrive.exe	76
PID 1776 wrote to memory of 4840	1776	onlinedrive.exe	76
PID 1776 wrote to memory of 2324	1776	onlinedrive.exe	78
PID 1776 wrote to memory of 2324	1776	onlinedrive.exe	78
PID 1776 wrote to memory of 4272	1776	onlinedrive.exe	80
PID 1776 wrote to memory of 4272	1776	onlinedrive.exe	80
PID 1776 wrote to memory of 3676	1776	onlinedrive.exe	82
PID 1776 wrote to memory of 3676	1776	onlinedrive.exe	82
PID 1776 wrote to memory of 4992	1776	onlinedrive.exe	84
PID 1776 wrote to memory of 4992	1776	onlinedrive.exe	84
PID 1776 wrote to memory of 3380	1776	onlinedrive.exe	86
PID 1776 wrote to memory of 3380	1776	onlinedrive.exe	86
PID 1776 wrote to memory of 4344	1776	onlinedrive.exe	88
PID 1776 wrote to memory of 4344	1776	onlinedrive.exe	88
PID 1776 wrote to memory of 4876	1776	onlinedrive.exe	90
PID 1776 wrote to memory of 4876	1776	onlinedrive.exe	90
PID 1776 wrote to memory of 4416	1776	onlinedrive.exe	92
PID 1776 wrote to memory of 4416	1776	onlinedrive.exe	92
PID 1776 wrote to memory of 4772	1776	onlinedrive.exe	94
PID 1776 wrote to memory of 4772	1776	onlinedrive.exe	94
PID 1776 wrote to memory of 1872	1776	onlinedrive.exe	96
PID 1776 wrote to memory of 1872	1776	onlinedrive.exe	96
PID 1776 wrote to memory of 4960	1776	onlinedrive.exe	98
PID 1776 wrote to memory of 4960	1776	onlinedrive.exe	98
PID 1776 wrote to memory of 3968	1776	onlinedrive.exe	100
PID 1776 wrote to memory of 3968	1776	onlinedrive.exe	100
PID 1776 wrote to memory of 3936	1776	onlinedrive.exe	102
PID 1776 wrote to memory of 3936	1776	onlinedrive.exe	102
PID 1776 wrote to memory of 4320	1776	onlinedrive.exe	104
PID 1776 wrote to memory of 4320	1776	onlinedrive.exe	104
PID 1776 wrote to memory of 4304	1776	onlinedrive.exe	106
PID 1776 wrote to memory of 4304	1776	onlinedrive.exe	106
PID 1776 wrote to memory of 3204	1776	onlinedrive.exe	108
PID 1776 wrote to memory of 3204	1776	onlinedrive.exe	108
PID 1776 wrote to memory of 4292	1776	onlinedrive.exe	110
PID 1776 wrote to memory of 4292	1776	onlinedrive.exe	110
PID 1776 wrote to memory of 2164	1776	onlinedrive.exe	112
PID 1776 wrote to memory of 2164	1776	onlinedrive.exe	112
PID 1776 wrote to memory of 5036	1776	onlinedrive.exe	114
PID 1776 wrote to memory of 5036	1776	onlinedrive.exe	114

C:\Users\Admin\AppData\Local\Temp\onlinedrive.exe
"C:\Users\Admin\AppData\Local\Temp\onlinedrive.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:3816
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4372
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:360
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4756
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4808
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4840
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:2324
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4272
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:3676
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4992
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:3380
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4344
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4876
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4416
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4772
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:1872
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4960
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:3968
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:3936
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4320
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4304
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:3204
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:4292
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:2164
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:5036

Windows 7 deprecation

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads