c129307b7281ffd0353968e386519993ef4aed139ff2a1ebe7cd67c5b040c743 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 04:43

Sharing

Report Analysis Logs

General

Target

05d5bf7467ca2a81130fe172b22c8b9b.exe
Size

27.4MB
MD5

05d5bf7467ca2a81130fe172b22c8b9b
SHA1

7007e3631c580327e4235f4ab700441982220d2b
SHA256

c129307b7281ffd0353968e386519993ef4aed139ff2a1ebe7cd67c5b040c743
SHA512

3c4b35d99a9df19bd813c263234d8e1445ac895bcc1aadb8e553b5e738e5dcf7ae6fd3346d505c41a981dd1a13eb59097202add60d5d12018ba7f54bee510ff0
SSDEEP

786432:NBHCED7VbZYM1owQpRuuc6kILo1l2FjjaW:NBHCUYMCw4uunov2Fj2W

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2196	05d5bf7467ca2a81130fe172b22c8b9b.exe
2196	05d5bf7467ca2a81130fe172b22c8b9b.exe
2196	05d5bf7467ca2a81130fe172b22c8b9b.exe
2196	05d5bf7467ca2a81130fe172b22c8b9b.exe
2196	05d5bf7467ca2a81130fe172b22c8b9b.exe
2196	05d5bf7467ca2a81130fe172b22c8b9b.exe
2196	05d5bf7467ca2a81130fe172b22c8b9b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2196	3016	05d5bf7467ca2a81130fe172b22c8b9b.exe	28
PID 3016 wrote to memory of 2196	3016	05d5bf7467ca2a81130fe172b22c8b9b.exe	28
PID 3016 wrote to memory of 2196	3016	05d5bf7467ca2a81130fe172b22c8b9b.exe	28

C:\Users\Admin\AppData\Local\Temp\05d5bf7467ca2a81130fe172b22c8b9b.exe
"C:\Users\Admin\AppData\Local\Temp\05d5bf7467ca2a81130fe172b22c8b9b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\05d5bf7467ca2a81130fe172b22c8b9b.exe
  "C:\Users\Admin\AppData\Local\Temp\05d5bf7467ca2a81130fe172b22c8b9b.exe"
  2⤵
  - Loads dropped DLL
  PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads