Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
24-12-2023 23:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
19aa66f2ca96ec4579ee920e9ec1c73c.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
19aa66f2ca96ec4579ee920e9ec1c73c.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
9 signatures
150 seconds
General
-
Target
19aa66f2ca96ec4579ee920e9ec1c73c.exe
-
Size
433KB
-
MD5
19aa66f2ca96ec4579ee920e9ec1c73c
-
SHA1
fca845bb38cbd038912a9150566a13f5af2f1d4e
-
SHA256
e75e132f419523529e59356445a2f5bb1a031281344a85598ba5059e608f8549
-
SHA512
a3e3e76e3198bccd60d1235c403e108fad8bf674b5cead354b2a0e2e0439a80c13b18065ca41cd674b62599f805a862ab1c704c9ee01f22219c12131cf385581
-
SSDEEP
6144:w09XrpG6Bcwqh3SB4Rb3DggpBMDPnGQ5njdynEqLl4p8dVRWuR4AY+SoKm6+hwou:wAdG6OE6YNDPlh43lFVRWuGAYqu
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: MapViewOfSection 1 IoCs
Processes:
19aa66f2ca96ec4579ee920e9ec1c73c.exe
pid | process
3068 | 19aa66f2ca96ec4579ee920e9ec1c73c.exe -
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
19aa66f2ca96ec4579ee920e9ec1c73c.exe
description | pid | process | target process
PID 3068 wrote to memory of 2100 | 3068 | 19aa66f2ca96ec4579ee920e9ec1c73c.exe | MSBuild.exe
PID 3068 wrote to memory of 2100 | 3068 | 19aa66f2ca96ec4579ee920e9ec1c73c.exe | MSBuild.exe
PID 3068 wrote to memory of 2100 | 3068 | 19aa66f2ca96ec4579ee920e9ec1c73c.exe | MSBuild.exe
PID 3068 wrote to memory of 2100 | 3068 | 19aa66f2ca96ec4579ee920e9ec1c73c.exe | MSBuild.exe
PID 3068 wrote to memory of 2100 | 3068 | 19aa66f2ca96ec4579ee920e9ec1c73c.exe | MSBuild.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\19aa66f2ca96ec4579ee920e9ec1c73c.exe "C:\Users\Admin\AppData\Local\Temp\19aa66f2ca96ec4579ee920e9ec1c73c.exe" 1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:3068 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Users\Admin\AppData\Local\Temp\19aa66f2ca96ec4579ee920e9ec1c73c.exe" 2⤵ PID:2100