a41b81d6f31e80e458bfa92d1a0f32a49bf355ace435f4f39448daef1e953aee | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30/05/2023, 09:08

Sharing

Report Analysis Logs

General

Target

$R0MLG7Q/吃瓜视频9.exe
Size

807KB
MD5

b042f8ec766533d4accadbb3fd1e4235
SHA1

d569ec864736be4cfb52d278c2534d0dd6435755
SHA256

7feff3d87cc13cc6ebcd5b40cd33149ea8ab321962cd0eb8d173c08f22dd0d2a
SHA512

b2b4455f4b2bbff1be0edcedcc9c960b27691d51e530ebc5d2f55674e6c1f911bb3a28af5a8ba696b7467698d4061c39ae516f71ab00b9c331d3b5a088da8544
SSDEEP

12288:EDCl1LJGGINwYGRzZoe2grY2rE90jpbCIn5PIRPtZKVx:vlzuNwYGRz6eZ9CIH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 824	1352	吃瓜视频9.exe	28
PID 1352 wrote to memory of 824	1352	吃瓜视频9.exe	28
PID 1352 wrote to memory of 824	1352	吃瓜视频9.exe	28
PID 1352 wrote to memory of 824	1352	吃瓜视频9.exe	28

C:\Users\Admin\AppData\Local\Temp\$R0MLG7Q\吃瓜视频9.exe
"C:\Users\Admin\AppData\Local\Temp\$R0MLG7Q\吃瓜视频9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\$R0MLG7Q\2208191736\吃瓜视频9.exe
  C:\Users\Admin\AppData\Local\Temp\$R0MLG7Q\2208191736\吃瓜视频9.exe
  2⤵
  PID:824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads