Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system -
submitted
14-12-2023 05:06
Static task
static1
Behavioral task
behavioral1
Sample
3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe
Resource
win10v2004-20231127-en
General
-
Target
3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe
-
Size
533KB
-
MD5
5a282fde0b4bde067ea3d07c2f614dbc
-
SHA1
61e26c00871ef622a6fbcdd529c4bbfeadf90e2f
-
SHA256
3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349
-
SHA512
897e59321e854f6cbd96d2c51cb4409032439e49d049f39ddb1d6de1cb21c2e575ca5d6d25d9682d00dad9a122e171fd1cdf4a576046b15dc4a9380a41a57a38
-
SSDEEP
6144:L6T8DG3+zMz4wwA191j7HawIAFZ4eN/+fA2QnCK6ViEhlDbxzJ+vuV1VGuvyCLgD:L6wi1DH19on64eN/+fp1U0JGy7z
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exedescription pid process target process PID 1672 wrote to memory of 2276 1672 3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe notepad.exe PID 1672 wrote to memory of 2276 1672 3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe notepad.exe PID 1672 wrote to memory of 2276 1672 3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe notepad.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe"C:\Users\Admin\AppData\Local\Temp\3b49936520db4b5d6797a6be50a2a72a3bcb774a773eefd0daf80e2900147349.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\notepad.exenotepad.exe2⤵