Analysis
-
max time kernel
87s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system -
submitted
22/05/2023, 09:15
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
lib.exe
Resource
win7-20230220-en
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
lib.exe
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
-
Target
lib.exe
-
Size
103.3MB
-
MD5
a6140a39e521381f195e299efdb69a6c
-
SHA1
78561f13bb18fa29777119db310168a61a7f3010
-
SHA256
138d95098ef622ac31bd06d6af23f4efedb8ff58efc3109884e2fac3e4fb6f15
-
SHA512
6115cd7c5aa684903fc694849f3786eb0ced384925f66d6a03f157f330e667837002cdaea7178424c18ed5899f1a3ad0ee43d45d5729c79a713d08a23be13ef2
-
SSDEEP
786432:d0LoCOn+2gs4urYDNulLBiuPeoXgoK2YOFxd9C+NaRm8oJk54NDKxhJODsWXBFHL:dMoCm/gXwsR6Z
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1772 wrote to memory of 3620 | 1772 | lib.exe | 87
PID 1772 wrote to memory of 3620 | 1772 | lib.exe | 87
PID 3620 wrote to memory of 112 | 3620 | cmd.exe | 88
PID 3620 wrote to memory of 112 | 3620 | cmd.exe | 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\lib.exe "C:\Users\Admin\AppData\Local\Temp\lib.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1772 -
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\lib.exe C:\snapshot\package v/index2.js" 2⤵
- Suspicious use of WriteProcessMemory
PID:3620 -
C:\Users\Admin\AppData\Local\Temp\lib.exe C:\Users\Admin\AppData\Local\Temp\lib.exe C:\snapshot\package v/index2.js 3⤵ PID:112