e04248f2a196e0f03aea7212700b3c40663b77c298301e6ba265c574541424dc | Triage

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/02/2023, 06:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

579b86cd29f5583a6f74e51e7eeb5205.exe
Size

27KB
MD5

579b86cd29f5583a6f74e51e7eeb5205
SHA1

ab3d7a343dbaa9e1b159b4582f63760a0da411b8
SHA256

e04248f2a196e0f03aea7212700b3c40663b77c298301e6ba265c574541424dc
SHA512

07a9a679a69c47b23b8f6022ffcd80af7db21701d00e8d6baef5c95f50cab179633033aa17f0b55f6f54bd84c36439613cb470e646107b282ee7f0988d801c0e
SSDEEP

768:FD4nukSUoX8W9/omoZ3tOF3kQwk7JfJdYz:FD4Fin/LoZdoHFfJKz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 4876	4848	579b86cd29f5583a6f74e51e7eeb5205.exe	80
PID 4848 wrote to memory of 4876	4848	579b86cd29f5583a6f74e51e7eeb5205.exe	80
PID 4848 wrote to memory of 4876	4848	579b86cd29f5583a6f74e51e7eeb5205.exe	80

C:\Users\Admin\AppData\Local\Temp\579b86cd29f5583a6f74e51e7eeb5205.exe
"C:\Users\Admin\AppData\Local\Temp\579b86cd29f5583a6f74e51e7eeb5205.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:4876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4848-133-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download