d1bb9f200fa0d6d5df539a8be2904d7c4a8f9b13502b3927a4eb9b3187ecbc0d | Triage

Resubmissions

12/10/2023, 11:17

231012-nd3b5afc4x 3

12/10/2023, 11:14

231012-ncgzsshb57 3

12/10/2023, 11:10

231012-m91mqsfa4z 3

Analysis

max time kernel
153s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 11:17

Sharing

Report Analysis Logs

General

Target

brute12.exe
Size

51KB
MD5

2ad554f805ee5581af320427387727a3
SHA1

1aa3702ff715ce3e3bfac1a1bc799593079117c8
SHA256

d1bb9f200fa0d6d5df539a8be2904d7c4a8f9b13502b3927a4eb9b3187ecbc0d
SHA512

527850cd30e6d4de9674a65f880ec7d27229b0ed6b5fd676c4e044fb426829e05257e6d8cc618d09abcce5be459e5c42ddf82e69ca7e6e38a0577d9bd3df8517
SSDEEP

768:FJNUQQyas+YLkEQSYZMsiWNF60LS35323Taz06PiaROZYk/9wv05i84K9xTosqHB:FJ+bZjFh5hIUqcv/kt

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 1984	976	cmd.exe	106
PID 976 wrote to memory of 1984	976	cmd.exe	106
PID 976 wrote to memory of 1984	976	cmd.exe	106
PID 976 wrote to memory of 1148	976	cmd.exe	111
PID 976 wrote to memory of 1148	976	cmd.exe	111
PID 976 wrote to memory of 1148	976	cmd.exe	111

C:\Users\Admin\AppData\Local\Temp\brute12.exe
"C:\Users\Admin\AppData\Local\Temp\brute12.exe"
1⤵
PID:1464

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4672

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:976
- C:\Users\Admin\AppData\Local\Temp\brute12.exe
  brute12.exe
  2⤵
  PID:1984
- C:\Users\Admin\AppData\Local\Temp\brute12.exe
  brute12.exe wmsetup.log dd_vcredistUI420E.txt
  2⤵
  PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1148-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1464-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1984-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download