e6c1f2f93bbe4cfbd6bbd59ee58e93244c636d53303dac0620a0d4d45dffcaa1 | Triage

Analysis

max time kernel
141s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 10:53

Sharing

Report Analysis Logs

General

Target

18afbc7c69daf02de3447384fcb37227.exe
Size

168KB
MD5

18afbc7c69daf02de3447384fcb37227
SHA1

2ae85c5537ed3f3b05264c62d52b1c956512b761
SHA256

e6c1f2f93bbe4cfbd6bbd59ee58e93244c636d53303dac0620a0d4d45dffcaa1
SHA512

8544a9ac5e4121058b030c792093efdaed223f47a2c28ba4c843e2a728790582cf33bf9393aa34dcf3a34d7379e5df7e41e7ddf4a364d85d18d461fbd0eb6fb4
SSDEEP

3072:Ix+RoeEt7t8TPWJa+UVU7Vxa6a+MKsZ1lT/TNDm:++Ro/Cx+UVOmNNZTT/M

Score

1^/10

Malware Config

Signatures

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2992	18afbc7c69daf02de3447384fcb37227.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2388	2992	18afbc7c69daf02de3447384fcb37227.exe	88
PID 2992 wrote to memory of 2388	2992	18afbc7c69daf02de3447384fcb37227.exe	88
PID 2992 wrote to memory of 2388	2992	18afbc7c69daf02de3447384fcb37227.exe	88
PID 2992 wrote to memory of 2388	2992	18afbc7c69daf02de3447384fcb37227.exe	88
PID 2992 wrote to memory of 2388	2992	18afbc7c69daf02de3447384fcb37227.exe	88

C:\Users\Admin\AppData\Local\Temp\18afbc7c69daf02de3447384fcb37227.exe
"C:\Users\Admin\AppData\Local\Temp\18afbc7c69daf02de3447384fcb37227.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2992-0-0x00000000021C0000-0x00000000021C2000-memory.dmp

Filesize
8KB

Download
memory/2992-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2992-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2992-3-0x0000000000420000-0x000000000042E000-memory.dmp

Filesize
56KB

Download