4acfeac37a7e57c05000c6819432007f31837d99973f60bef1214b0033756ba8 | Triage

Analysis

max time kernel
68s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
16/02/2023, 04:45

Sharing

Report Analysis Logs

General

Target

procexp.exe
Size

4.4MB
MD5

1c5f2887b32db33a6fcb71cbe6f24bd3
SHA1

77017684550201e72e0ae043ddd7dadb7643abbf
SHA256

4acfeac37a7e57c05000c6819432007f31837d99973f60bef1214b0033756ba8
SHA512

504bb7778c959bd7a9d1e3167672c311044c41f8c9087c17e4075d4560d29ecc3a8c97ccdae7b725025ecae89d66fb1f6885d34bb9f4fc50e38cf64e10485ae4
SSDEEP

49152:NR2rCnT1GGkqFuwAIQxBs3jJT4DXyHMv7PCJ6KCmaKs:4CBGG1jWPie5K

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1080	procexp64.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1080	2240	procexp.exe	81
PID 2240 wrote to memory of 1080	2240	procexp.exe	81

C:\Users\Admin\AppData\Local\Temp\procexp.exe
"C:\Users\Admin\AppData\Local\Temp\procexp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\procexp64.exe
  "C:\Users\Admin\AppData\Local\Temp\procexp.exe"
  2⤵
  - Executes dropped EXE
  PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\procexp64.exe

Filesize
2.3MB

MD5
c85a1ca00cc21ed3c15335f1f3924508

SHA1
1613be64046681cf33dce74c10520d7ae06d3bb6

SHA256
2cd8fa82ffccf17a8a20178bc7145ea40b837c37f7383e5b15a2243cc601dd58

SHA512
fca9338bf846f12faea59685b91fb44bd42b1d8ff784814385af06b73ace2ba27d181850e3d75213da0a582c47e981d9f21f5d8c03ad107d1687d2b941825c22

Download Submit