4292b103eed9a263664a0d594ecc3eb6750719dc9fb5632813ce734110c30ed7 | Triage

Analysis

max time kernel
24s
max time network
19s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17/08/2023, 15:25

Sharing

Report Analysis Logs

General

Target

forvmbox4.exe
Size

93KB
MD5

a0e1fb30b44c6a17ce0b474a97fa9eed
SHA1

87e55df34421f3ef302bab98d594942444d04e11
SHA256

4292b103eed9a263664a0d594ecc3eb6750719dc9fb5632813ce734110c30ed7
SHA512

3d7a90202278ccf3a5273df036c5a985a3da4ff5b177c79eca25cbaccfdf269378021034fc4311c85bd96c19ace894b5cac3893f8387c71c783d2a3b1653cb03
SSDEEP

1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfIwVpBNOF:L7DhdC6kzWypvaQ0FxyNTBfISE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2836	2100	forvmbox4.exe	29
PID 2100 wrote to memory of 2836	2100	forvmbox4.exe	29
PID 2100 wrote to memory of 2836	2100	forvmbox4.exe	29
PID 2100 wrote to memory of 2836	2100	forvmbox4.exe	29

C:\Users\Admin\AppData\Local\Temp\forvmbox4.exe
"C:\Users\Admin\AppData\Local\Temp\forvmbox4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7761.tmp\7762.tmp\7763.bat C:\Users\Admin\AppData\Local\Temp\forvmbox4.exe"
  2⤵
  PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7761.tmp\7762.tmp\7763.bat

Filesize
4KB

MD5
7b321c335c4330a0e3fa54b0e1eb052a

SHA1
7c1ed536a37f420a91e6ce49228e489a278fb5fe

SHA256
9557054b07ef92de4102919c3660a3e5404acab7bb3b40357f67e715591afaf2

SHA512
943cf8da1fdb8468eaedb1c9a604ee32bcf8bc27d141db1b3bab463b1a853a6fa09f8b6bdfc7ce58e96864dd8dfbf3bbc4fb0366f69894ed42e6e7ae5162389e

Download Submit