9130166f2d4737c8180a9a15c853076206f57a67136938b2266c5083fbee4771 | Triage

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 15:16

Sharing

Report Analysis Logs

General

Target

DWM13.exe
Size

816KB
MD5

abefd78b8ee8d86203e2729074564a13
SHA1

6cc943077b6ddeda8797947906fecce9d3a635a0
SHA256

9130166f2d4737c8180a9a15c853076206f57a67136938b2266c5083fbee4771
SHA512

77574868046e9d00a9bf7c8c0bed48f723d25662c1cb83d64c3e283d48de20656dd9b6661a5bba893df0461a275e39c7224710d2c9179274602db426a1d2e550
SSDEEP

24576:oknuU9+HdsAMvXtfuC56GhZLtZhCMFQgC:oknvhAMvsCJhZhZhRFQgC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2804	2376	DWM13.exe	30
PID 2376 wrote to memory of 2804	2376	DWM13.exe	30
PID 2376 wrote to memory of 2804	2376	DWM13.exe	30

C:\Users\Admin\AppData\Local\Temp\DWM13.exe
"C:\Users\Admin\AppData\Local\Temp\DWM13.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c embedded.exe
  2⤵
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2376-0-0x000000013F910000-0x000000013F9B8000-memory.dmp

Filesize
672KB

Download