68ec38b25d657adf6834928b0522223377487d8cc9cd921c110c8fc5a987b2ac | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 10:56

Sharing

Report Analysis Logs

General

Target

18decc0965acf8a377522bc92a6ac58d.exe
Size

3.7MB
MD5

18decc0965acf8a377522bc92a6ac58d
SHA1

cc98ca916c16e1dccecbf24422583f4fffecd705
SHA256

68ec38b25d657adf6834928b0522223377487d8cc9cd921c110c8fc5a987b2ac
SHA512

aec08e9d41f006c99f757a95f38ea6a3001fd5dac51fd5e1650137bc196c68e5f280804720318b4b53f187bf6885a821629d4efe32a1a6ee9815040d48ccfcc4
SSDEEP

98304:yltf/q1z83GUa4zfY3HlLDP6GD2GWo825:m41zoaUfYVLDP6iWZ25

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2912	2968	18decc0965acf8a377522bc92a6ac58d.exe	17
PID 2968 wrote to memory of 2912	2968	18decc0965acf8a377522bc92a6ac58d.exe	17
PID 2968 wrote to memory of 2912	2968	18decc0965acf8a377522bc92a6ac58d.exe	17
PID 2968 wrote to memory of 2912	2968	18decc0965acf8a377522bc92a6ac58d.exe	17
PID 2968 wrote to memory of 2912	2968	18decc0965acf8a377522bc92a6ac58d.exe	17
PID 2968 wrote to memory of 2912	2968	18decc0965acf8a377522bc92a6ac58d.exe	17
PID 2968 wrote to memory of 2912	2968	18decc0965acf8a377522bc92a6ac58d.exe	17
PID 2912 wrote to memory of 2888	2912	Net.exe	18
PID 2912 wrote to memory of 2888	2912	Net.exe	18
PID 2912 wrote to memory of 2888	2912	Net.exe	18
PID 2912 wrote to memory of 2888	2912	Net.exe	18
PID 2912 wrote to memory of 2888	2912	Net.exe	18
PID 2912 wrote to memory of 2888	2912	Net.exe	18
PID 2912 wrote to memory of 2888	2912	Net.exe	18

C:\Users\Admin\AppData\Local\Temp\18decc0965acf8a377522bc92a6ac58d.exe
"C:\Users\Admin\AppData\Local\Temp\18decc0965acf8a377522bc92a6ac58d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2968-6-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download