06398df33fcf660f616a32489b2c4e5f1f6451b69869bdbb413e20f4689c6bef | Triage

Analysis

max time kernel
143s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 02:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DCF4.exe
Size

632KB
MD5

524eed078cc874067a830e17e181d067
SHA1

fb9374c6bc4d4d16f69f6c552dc44565405632ca
SHA256

06398df33fcf660f616a32489b2c4e5f1f6451b69869bdbb413e20f4689c6bef
SHA512

d3f42610bea81288a2bbecfe02cc15af524b82552910d609853af87c616adacd8ca27b03941c45bf42c32cf51723eefc68b0765b7361bbf0a455649363004041
SSDEEP

12288:PCM1AG+Hdsy7Mf9ysExfgNNnzFZ9rWIT71+6d:PYG+HdsAMlux4vBrWIT706d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2988	2472	DCF4.exe	29
PID 2472 wrote to memory of 2988	2472	DCF4.exe	29
PID 2472 wrote to memory of 2988	2472	DCF4.exe	29

C:\Users\Admin\AppData\Local\Temp\DCF4.exe
"C:\Users\Admin\AppData\Local\Temp\DCF4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c embedded.exe
  2⤵
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2472-0-0x000000013F710000-0x000000013F794000-memory.dmp

Filesize
528KB

Download