9eb758edc7a192e4a4fcfe1eac1799c1e64408cc57809628f2ae8c2114ff8eb6 | Triage

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02-05-2023 10:23

Sharing

Report Analysis Logs

General

Target

SvCpJuhbT.exe
Size

1.7MB
MD5

c726a4eba148b17c9ccf3692fbc90701
SHA1

52d203ff30f7a23fdc4cb45caa2efa40324a43d9
SHA256

9eb758edc7a192e4a4fcfe1eac1799c1e64408cc57809628f2ae8c2114ff8eb6
SHA512

8499f446c1a7ae0f52f75e61073c916e2531f09b4cf7fc133c63b874d3c42a5cddc280f8b9b9d1be038c6bb789e763213c8d0a1e27add3796cb3a46523ea707e
SSDEEP

49152:rbwfYXOdg8BnGyKkv6dfaAHYgDJY2Zuqz1:rs7sf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

SvCpJuhbT.exe

description	pid	process	target process
PID 816 wrote to memory of 1960	816	SvCpJuhbT.exe	notepad.exe
PID 816 wrote to memory of 1960	816	SvCpJuhbT.exe	notepad.exe
PID 816 wrote to memory of 1960	816	SvCpJuhbT.exe	notepad.exe
PID 816 wrote to memory of 1960	816	SvCpJuhbT.exe	notepad.exe
PID 816 wrote to memory of 1960	816	SvCpJuhbT.exe	notepad.exe
PID 816 wrote to memory of 1960	816	SvCpJuhbT.exe	notepad.exe

C:\Users\Admin\AppData\Local\Temp\SvCpJuhbT.exe
"C:\Users\Admin\AppData\Local\Temp\SvCpJuhbT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:816

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\SysWOW64\notepad.exe"
2⤵
PID:1960

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...