7b9ff4a34c6e887297a863f5b1444168f6b42fdba66e3bed3691bb4a34540c3a

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

749a5fae99433b847ed75ddc075a7379.exe
Size

185KB
MD5

749a5fae99433b847ed75ddc075a7379
SHA1

dc941c5b311e1d3cddb0fdc1677b29df69b51f76
SHA256

7b9ff4a34c6e887297a863f5b1444168f6b42fdba66e3bed3691bb4a34540c3a
SHA512

53dba393d67ffeeb48aae0b404099941e7b3035f2ce324f91e2d4d67ff8a7af130cf672a83ab37cc817e7418ae3cd8c561cb1baf9ee3484b2dcdd7f4af9dd327
SSDEEP

3072:TYAaOCa96mu983FGhEJ+cyTMumWb3xsy3AOupMveYJdj0vlXTKa9WT1p9VNSL7:EI7u9+GhEJmXme24AOuie8dQlXTKIWTY

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1848	749a5fae99433b847ed75ddc075a7379.exe
1848	749a5fae99433b847ed75ddc075a7379.exe
1848	749a5fae99433b847ed75ddc075a7379.exe
1848	749a5fae99433b847ed75ddc075a7379.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 3492	1848	749a5fae99433b847ed75ddc075a7379.exe	23
PID 1848 wrote to memory of 3492	1848	749a5fae99433b847ed75ddc075a7379.exe	23
PID 1848 wrote to memory of 3492	1848	749a5fae99433b847ed75ddc075a7379.exe	23
PID 1848 wrote to memory of 3492	1848	749a5fae99433b847ed75ddc075a7379.exe	23

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3492
- C:\Users\Admin\AppData\Local\Temp\749a5fae99433b847ed75ddc075a7379.exe
  "C:\Users\Admin\AppData\Local\Temp\749a5fae99433b847ed75ddc075a7379.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1848-8-0x0000000076FF3000-0x0000000076FF4000-memory.dmp

Filesize
4KB

Download
memory/1848-10-0x0000000002200000-0x0000000002210000-memory.dmp

Filesize
64KB

Download
memory/1848-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1848-9-0x0000000076FE3000-0x0000000076FE4000-memory.dmp

Filesize
4KB

Download
memory/1848-4-0x0000000002520000-0x0000000002530000-memory.dmp

Filesize
64KB

Download
memory/1848-7-0x0000000075210000-0x0000000075300000-memory.dmp

Filesize
960KB

Download
memory/1848-6-0x0000000002320000-0x0000000002330000-memory.dmp

Filesize
64KB

Download
memory/1848-5-0x0000000076FF2000-0x0000000076FF3000-memory.dmp

Filesize
4KB

Download
memory/1848-2-0x0000000002030000-0x0000000002034000-memory.dmp

Filesize
16KB

Download
memory/1848-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1848-3-0x0000000002070000-0x00000000020A9000-memory.dmp

Filesize
228KB

Download
memory/1848-11-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1848-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1848-18-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1848-20-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1848-22-0x0000000002070000-0x00000000020A9000-memory.dmp

Filesize
228KB

Download
memory/1848-21-0x0000000075210000-0x0000000075300000-memory.dmp

Filesize
960KB

Download
memory/3492-15-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/3492-14-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download