8ce638ec4b15e9d3304039c6fbe17e2e4ed922d14342b8cebc2a690ae4d3522e | Triage

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 01:21

Sharing

Report Analysis Logs

General

Target

DEM4.exe
Size

632KB
MD5

4835f5ea11c180a289d2cb6847fd6583
SHA1

fa746c9142c199796a5deff2f6e46471287cc910
SHA256

8ce638ec4b15e9d3304039c6fbe17e2e4ed922d14342b8cebc2a690ae4d3522e
SHA512

f6e9eb8b20b290c5672d771803dd1f5549d9deed47dacc121bacb61cde319cc9dc4eacef1acded6bc00628dc071dc992e1684abd01ef444049dfe8c2ed6080a2
SSDEEP

12288:DgrFN+Hdsy7Mfwd6I4+H62ku25g6WIT71D6d:DYN+HdsAMYd6IPXiWIT7l6d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 3032	2788	DEM4.exe	29
PID 2788 wrote to memory of 3032	2788	DEM4.exe	29
PID 2788 wrote to memory of 3032	2788	DEM4.exe	29

C:\Users\Admin\AppData\Local\Temp\DEM4.exe
"C:\Users\Admin\AppData\Local\Temp\DEM4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c embedded.exe
  2⤵
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2788-0-0x000000013FA00000-0x000000013FA84000-memory.dmp

Filesize
528KB

Download