f5425c96d9e9e4c9b138f396a6dbce7805c746783163f017062882e81fbadadd

Analysis

max time kernel
149s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10/03/2023, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AdminSystem.exe
Size

1.9MB
MD5

bcfb9cc721362856007031f8ad222937
SHA1

2aad165abdfec81890b2dcb65e55965ddd666656
SHA256

f5425c96d9e9e4c9b138f396a6dbce7805c746783163f017062882e81fbadadd
SHA512

f5cfcee31ab2516326d73bf755ae4618a81ab78ed104422ef5b284cece255e17cabbe878b1a1b5d1f4c7be833c963924ee47c4b281fbf805c4352f8cc0d4e950
SSDEEP

24576:oXyM/5S3/JMw+z4mvWFachVvjVKJs+Ec0xMkE8JsU3AogqqIhqCylm:oCM/5SRMw+zmaoBK5qqIhqCylm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1720	1376	AdminSystem.exe	29
PID 1376 wrote to memory of 1720	1376	AdminSystem.exe	29
PID 1376 wrote to memory of 1720	1376	AdminSystem.exe	29
PID 1376 wrote to memory of 1308	1376	AdminSystem.exe	30
PID 1376 wrote to memory of 1308	1376	AdminSystem.exe	30
PID 1376 wrote to memory of 1308	1376	AdminSystem.exe	30
PID 1376 wrote to memory of 1940	1376	AdminSystem.exe	31
PID 1376 wrote to memory of 1940	1376	AdminSystem.exe	31
PID 1376 wrote to memory of 1940	1376	AdminSystem.exe	31
PID 1376 wrote to memory of 2004	1376	AdminSystem.exe	32
PID 1376 wrote to memory of 2004	1376	AdminSystem.exe	32
PID 1376 wrote to memory of 2004	1376	AdminSystem.exe	32
PID 1376 wrote to memory of 988	1376	AdminSystem.exe	33
PID 1376 wrote to memory of 988	1376	AdminSystem.exe	33
PID 1376 wrote to memory of 988	1376	AdminSystem.exe	33
PID 1376 wrote to memory of 1996	1376	AdminSystem.exe	34
PID 1376 wrote to memory of 1996	1376	AdminSystem.exe	34
PID 1376 wrote to memory of 1996	1376	AdminSystem.exe	34
PID 1376 wrote to memory of 1288	1376	AdminSystem.exe	35
PID 1376 wrote to memory of 1288	1376	AdminSystem.exe	35
PID 1376 wrote to memory of 1288	1376	AdminSystem.exe	35
PID 1376 wrote to memory of 292	1376	AdminSystem.exe	36
PID 1376 wrote to memory of 292	1376	AdminSystem.exe	36
PID 1376 wrote to memory of 292	1376	AdminSystem.exe	36
PID 1376 wrote to memory of 772	1376	AdminSystem.exe	37
PID 1376 wrote to memory of 772	1376	AdminSystem.exe	37
PID 1376 wrote to memory of 772	1376	AdminSystem.exe	37
PID 1376 wrote to memory of 664	1376	AdminSystem.exe	38
PID 1376 wrote to memory of 664	1376	AdminSystem.exe	38
PID 1376 wrote to memory of 664	1376	AdminSystem.exe	38
PID 1376 wrote to memory of 524	1376	AdminSystem.exe	39
PID 1376 wrote to memory of 524	1376	AdminSystem.exe	39
PID 1376 wrote to memory of 524	1376	AdminSystem.exe	39
PID 1376 wrote to memory of 976	1376	AdminSystem.exe	40
PID 1376 wrote to memory of 976	1376	AdminSystem.exe	40
PID 1376 wrote to memory of 976	1376	AdminSystem.exe	40
PID 1376 wrote to memory of 604	1376	AdminSystem.exe	41
PID 1376 wrote to memory of 604	1376	AdminSystem.exe	41
PID 1376 wrote to memory of 604	1376	AdminSystem.exe	41
PID 1376 wrote to memory of 1656	1376	AdminSystem.exe	42
PID 1376 wrote to memory of 1656	1376	AdminSystem.exe	42
PID 1376 wrote to memory of 1656	1376	AdminSystem.exe	42
PID 1376 wrote to memory of 1132	1376	AdminSystem.exe	43
PID 1376 wrote to memory of 1132	1376	AdminSystem.exe	43
PID 1376 wrote to memory of 1132	1376	AdminSystem.exe	43
PID 1376 wrote to memory of 1868	1376	AdminSystem.exe	44
PID 1376 wrote to memory of 1868	1376	AdminSystem.exe	44
PID 1376 wrote to memory of 1868	1376	AdminSystem.exe	44
PID 1376 wrote to memory of 1192	1376	AdminSystem.exe	45
PID 1376 wrote to memory of 1192	1376	AdminSystem.exe	45
PID 1376 wrote to memory of 1192	1376	AdminSystem.exe	45
PID 1376 wrote to memory of 1924	1376	AdminSystem.exe	46
PID 1376 wrote to memory of 1924	1376	AdminSystem.exe	46
PID 1376 wrote to memory of 1924	1376	AdminSystem.exe	46
PID 1376 wrote to memory of 764	1376	AdminSystem.exe	47
PID 1376 wrote to memory of 764	1376	AdminSystem.exe	47
PID 1376 wrote to memory of 764	1376	AdminSystem.exe	47
PID 1376 wrote to memory of 1448	1376	AdminSystem.exe	48
PID 1376 wrote to memory of 1448	1376	AdminSystem.exe	48
PID 1376 wrote to memory of 1448	1376	AdminSystem.exe	48
PID 1376 wrote to memory of 700	1376	AdminSystem.exe	49
PID 1376 wrote to memory of 700	1376	AdminSystem.exe	49
PID 1376 wrote to memory of 700	1376	AdminSystem.exe	49
PID 1376 wrote to memory of 1892	1376	AdminSystem.exe	50

C:\Users\Admin\AppData\Local\Temp\AdminSystem.exe
"C:\Users\Admin\AppData\Local\Temp\AdminSystem.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2036
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-54-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/1376-55-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/1376-58-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/1376-61-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download
memory/1376-62-0x0000000000400000-0x000000000050B000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads