c5a9bc0ded127a7c0eef6fb16835dc4fa395b3ca9f25dba029d2e81ca3572add | Triage

Analysis

max time kernel
141s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 17:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

syslogd_20211210.exe
Size

44KB
MD5

10fa69bec0e09c87198e2ce4f4a19cf7
SHA1

1c0d8ac0795abdbd75ac5b4c45eece52ebe19e36
SHA256

c5a9bc0ded127a7c0eef6fb16835dc4fa395b3ca9f25dba029d2e81ca3572add
SHA512

e896bbb7ce633492a7f8ce9d5a42c06cb253f1c9fc0a60d7a3d658d4594265d569e8b48f34cbe0d7fd5f73ff0621a1f53fda7f6e3ed1aef9278e346c9cbd297d
SSDEEP

768:n2ENN28GEPbG7vPP3lLuzZPKqsQh8+nLZ/C:N28VbQvPP3lLuBZs5+nLZ/C

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 1724	1224	syslogd_20211210.exe	29
PID 1224 wrote to memory of 1724	1224	syslogd_20211210.exe	29
PID 1224 wrote to memory of 1724	1224	syslogd_20211210.exe	29
PID 1224 wrote to memory of 1724	1224	syslogd_20211210.exe	29
PID 1724 wrote to memory of 1500	1724	cmd.exe	30
PID 1724 wrote to memory of 1500	1724	cmd.exe	30
PID 1724 wrote to memory of 1500	1724	cmd.exe	30
PID 1724 wrote to memory of 1500	1724	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\syslogd_20211210.exe
"C:\Users\Admin\AppData\Local\Temp\syslogd_20211210.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c chcp 65001 > nul
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1724
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1224-54-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download