75426e672b3356ed98af0b336345f4acd3f2ddf32c2997372f7cf318d7097eee | Triage

Analysis

max time kernel
153s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 23:12

Sharing

Report Analysis Logs

General

Target

HackExternal.exe
Size

391KB
MD5

26910d2402b7c193f43f5070f4c5583d
SHA1

e8834552c969bff5172c9b134a113585026cc32a
SHA256

75426e672b3356ed98af0b336345f4acd3f2ddf32c2997372f7cf318d7097eee
SHA512

b6691ddd594de66723eb82ebc071de4609a146723ba6a8fb206e0b43a845ff20746b8461711f552708636f3fcdfc39a82b99f3cfef3b9da7e6830c3e55ac4646
SSDEEP

12288:/SZvrw6MnQYqA1Bsci8weHKbH2nb2LMDb:/S5w6MnGcBs2xKbH2nywD

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1756	HackExternal.exe
1756	HackExternal.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1664	1756	HackExternal.exe	87
PID 1756 wrote to memory of 1664	1756	HackExternal.exe	87

C:\Users\Admin\AppData\Local\Temp\HackExternal.exe
"C:\Users\Admin\AppData\Local\Temp\HackExternal.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c kdmapper.exe driver.sys
  2⤵
  PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads