4292b103eed9a263664a0d594ecc3eb6750719dc9fb5632813ce734110c30ed7 | Triage

Analysis

max time kernel
33s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 15:25

Sharing

Report Analysis Logs

General

Target

forvmbox4.exe
Size

93KB
MD5

a0e1fb30b44c6a17ce0b474a97fa9eed
SHA1

87e55df34421f3ef302bab98d594942444d04e11
SHA256

4292b103eed9a263664a0d594ecc3eb6750719dc9fb5632813ce734110c30ed7
SHA512

3d7a90202278ccf3a5273df036c5a985a3da4ff5b177c79eca25cbaccfdf269378021034fc4311c85bd96c19ace894b5cac3893f8387c71c783d2a3b1653cb03
SSDEEP

1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfIwVpBNOF:L7DhdC6kzWypvaQ0FxyNTBfISE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 3040	372	forvmbox4.exe	83
PID 372 wrote to memory of 3040	372	forvmbox4.exe	83

C:\Users\Admin\AppData\Local\Temp\forvmbox4.exe
"C:\Users\Admin\AppData\Local\Temp\forvmbox4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\702F.tmp\7030.tmp\7031.bat C:\Users\Admin\AppData\Local\Temp\forvmbox4.exe"
  2⤵
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\702F.tmp\7030.tmp\7031.bat

Filesize
4KB

MD5
7b321c335c4330a0e3fa54b0e1eb052a

SHA1
7c1ed536a37f420a91e6ce49228e489a278fb5fe

SHA256
9557054b07ef92de4102919c3660a3e5404acab7bb3b40357f67e715591afaf2

SHA512
943cf8da1fdb8468eaedb1c9a604ee32bcf8bc27d141db1b3bab463b1a853a6fa09f8b6bdfc7ce58e96864dd8dfbf3bbc4fb0366f69894ed42e6e7ae5162389e

Download Submit