a46986dfe3a9f9bd6e0cb42ed6bc609e7324487c841b1909f4066c6e5c6f0876 | Triage

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 21:52

Sharing

Report Analysis Logs

General

Target

result.exe
Size

629KB
MD5

af829fefc5fe332f963366da120cebae
SHA1

23ddd0e538b415aa70d60b70b3844979eaa80fd5
SHA256

a46986dfe3a9f9bd6e0cb42ed6bc609e7324487c841b1909f4066c6e5c6f0876
SHA512

451ceae99e0edec491f2ec600dcb521a7b1637409a1208d90e5b32451cc00dca16ff69a15e2c3ea1b0a97f2273629235abc06f8f50667fcea29e0c6629649b99
SSDEEP

12288:EAan+Hdsy7MfFVGNG6Yj5G676i8B9WIT71C6d:Ern+HdsAMNwI6YFajWIT7c6d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1212	1376	result.exe	31
PID 1376 wrote to memory of 1212	1376	result.exe	31
PID 1376 wrote to memory of 1212	1376	result.exe	31

C:\Users\Admin\AppData\Local\Temp\result.exe
"C:\Users\Admin\AppData\Local\Temp\result.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c embedded.exe
  2⤵
  PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-0-0x000000013F620000-0x000000013F6A3000-memory.dmp

Filesize
524KB

Download