d883b27395c780c51ca9ded1c88ad42d95783f6824b71e6ef1948e612e096bcc | Triage

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 22:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Aor.exe
Size

488KB
MD5

e5f81c2712dde6157c2b2534586ace34
SHA1

dfc2a5a0e18671cd2ad32b5557f3ed27a7548604
SHA256

d883b27395c780c51ca9ded1c88ad42d95783f6824b71e6ef1948e612e096bcc
SHA512

65a8581f311c31cecfd2912a010c727469afc9b2cdd824c8919d5a208a20a949d35634fa2fa2643cc97f0215f417dd4fd6c75c6dd3395373f7b94e7a688bde71
SSDEEP

6144:qX4ShmA3S+XKnkT2Run2eKVuUiEkHyCivxklr6DSTr+GwmogOKHetND9zLEikdq:qojBFkqI2ZsAN5bK6gB+0dq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 1312	4088	Aor.exe	94
PID 4088 wrote to memory of 1312	4088	Aor.exe	94

C:\Users\Admin\AppData\Local\Temp\Aor.exe
"C:\Users\Admin\AppData\Local\Temp\Aor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4088-0-0x0000028446250000-0x0000028446251000-memory.dmp

Filesize
4KB

Download
memory/4088-2-0x00007FF778760000-0x00007FF7787DA000-memory.dmp

Filesize
488KB

Download
memory/4088-5-0x00007FF778760000-0x00007FF7787DA000-memory.dmp

Filesize
488KB

Download