8fb707fe0323280a191fc45579ec97672caaa3ca7d6c02be8a34653d46c519d8 | Triage

Analysis

max time kernel
291s
max time network
259s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2023 11:56

Sharing

Report Analysis Logs

General

Target

nc.exe
Size

37KB
MD5

5dcf26e3fbce71902b0cd7c72c60545b
SHA1

970bbe298c8ec673fe2257ad6363d29942171fd1
SHA256

e8fbec25db4f9d95b5e8f41cca51a4b32be8674a4dea7a45b6f7aeb22dbc38db
SHA512

b5b5ebe0e333a7331a08f488a66e9a3ff4ea5f5d2552bbc1477627df32f92fdf2a0c279e929cc93a61e20d90f7797f552f2c3a710903cbccc441d14b018928e1
SSDEEP

768:mucfgSLKkEXRYxLKlVMGmmkn2TocrC+q4rPBn:vcfpKkEqKlGGmjwTrC+q4rPBn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

nc.exe

description	pid	process	target process
PID 4228 wrote to memory of 5060	4228	nc.exe	cmd.exe
PID 4228 wrote to memory of 5060	4228	nc.exe	cmd.exe
PID 4228 wrote to memory of 5060	4228	nc.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\nc.exe
"C:\Users\Admin\AppData\Local\Temp\nc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4228

C:\Windows\SysWOW64\cmd.exe
cmd.exe
2⤵
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4228-133-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4228-136-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download