e6992d74e84f7994058a60b267a7a976939e00750c97a69c2f603b3e0ba19b68 | Triage

Analysis

max time kernel
145s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 22:37

Sharing

Report Analysis Logs

General

Target

163ec1df8fd4b58096484084e32bd188.exe
Size

1.0MB
MD5

163ec1df8fd4b58096484084e32bd188
SHA1

80f400346437e6dbc7d35b6f80b129c1b28f400f
SHA256

e6992d74e84f7994058a60b267a7a976939e00750c97a69c2f603b3e0ba19b68
SHA512

6b811fe7b4b6658e804f5752103af3850686d3b69d85a09ff1b0d19769499143b9c45f9160f47cdaf93f6b2320f7f19b99617a883219f995169502cc4cce5c70
SSDEEP

24576:FuiDd76pIEt7hqxjQPcfKIqbInznQ0+a9ZuZ:FNDd7eBA7q8nzQ04

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 3732	4644	163ec1df8fd4b58096484084e32bd188.exe	39
PID 4644 wrote to memory of 3732	4644	163ec1df8fd4b58096484084e32bd188.exe	39
PID 4644 wrote to memory of 3732	4644	163ec1df8fd4b58096484084e32bd188.exe	39

C:\Users\Admin\AppData\Local\Temp\163ec1df8fd4b58096484084e32bd188.exe
"C:\Users\Admin\AppData\Local\Temp\163ec1df8fd4b58096484084e32bd188.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Users\Admin\AppData\Local\Temp\163ec1df8fd4b58096484084e32bd188.exe
  "C:\Users\Admin\AppData\Local\Temp\163ec1df8fd4b58096484084e32bd188.exe"
  2⤵
  PID:3732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads