5c285ab7d9f7b76c19ab300fa5ac810b623d4b3c1bfd4142e31183e9aab7c467 | Triage

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 07:08

Sharing

Report Analysis Logs

General

Target

DLP1.exe
Size

631KB
MD5

b4301236546d79daf3928dcc765d1fea
SHA1

fa51f4d3982eaca2607918cb1bcd0797208a8d5a
SHA256

5c285ab7d9f7b76c19ab300fa5ac810b623d4b3c1bfd4142e31183e9aab7c467
SHA512

93c02cae6d9d14e455eee7024804d02d8ec2d6599ce04e54ebea2911f8e488a242c8cad7f8705967839b4451756479a32c273e4de197026aac6315cca01be880
SSDEEP

12288:1h5XP+Hdsy7MfpE9ftJonSf7azZYGWIT7190d:1/P+HdsAMxE9FRO2GWIT7H0d

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3056	DLP1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2648	3056	DLP1.exe	29
PID 3056 wrote to memory of 2648	3056	DLP1.exe	29
PID 3056 wrote to memory of 2648	3056	DLP1.exe	29

C:\Users\Admin\AppData\Local\Temp\DLP1.exe
"C:\Users\Admin\AppData\Local\Temp\DLP1.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c embedded.exe
  2⤵
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3056-0-0x000000013F1F0000-0x000000013F274000-memory.dmp

Filesize
528KB

Download