366bcdf81ea6b2d9f7bc7483b93304e80212aa860e2a0762c69f2718ddff657d | Triage

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 14:36

Sharing

Report Analysis Logs

General

Target

DEH3.exe
Size

632KB
MD5

4f6a430e35087709258a9462599d0475
SHA1

0479dee1db01b19c40a0b6c49120db860f3c91dd
SHA256

366bcdf81ea6b2d9f7bc7483b93304e80212aa860e2a0762c69f2718ddff657d
SHA512

97df801828e8fc6a9766ce72fab5e881aaa3d41bb0e477a413c1ecea4a9b2f6147b42f75317596bc509f410dc1a9e403beb1b7c1d7b91e96a20a65a3197a752f
SSDEEP

12288:UCS1jU+Hdsy7Mf2y0EBfvXNnz7Qj0WIT71e6d:U5U+HdsAMuGBnN5WIT7M6d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 1756	2452	DEH3.exe	29
PID 2452 wrote to memory of 1756	2452	DEH3.exe	29
PID 2452 wrote to memory of 1756	2452	DEH3.exe	29

C:\Users\Admin\AppData\Local\Temp\DEH3.exe
"C:\Users\Admin\AppData\Local\Temp\DEH3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c embedded.exe
  2⤵
  PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2452-0-0x000000013FFA0000-0x0000000140024000-memory.dmp

Filesize
528KB

Download