Analysis

  • max time kernel
    86s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2023, 21:44

General

  • Target

    fa4afe4dbfe8693675477a6d6927c06b.exe

  • Size

    306KB

  • MD5

    fa4afe4dbfe8693675477a6d6927c06b

  • SHA1

    c4495dfb5d3339a97c300e3afacd6072f69cf88a

  • SHA256

    e3a1cbeaf11f7b5d337e499433bb1923c3edec87fc59e4ba6bb8a89f6f94fb35

  • SHA512

    9214fa6ed7aedf7d4596c2113d271e11d20c9eab08e4d162d2103d5188c0794cabf9aaad469e0ccfd7e415aed309888fd4814843b5c0c36a569d029ef7dc035b

  • SSDEEP

    6144:YwJdf2Pb1Mv1vth+cWzD5mMeJV3We4WMrL/jB9XWGOwr5UpUhUjU8UG9U:j7eT1MJP+nleZ4WMr7jP

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa4afe4dbfe8693675477a6d6927c06b.exe
    "C:\Users\Admin\AppData\Local\Temp\fa4afe4dbfe8693675477a6d6927c06b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 488
      2⤵
        PID:3068

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1684-0-0x0000000074610000-0x0000000074BBB000-memory.dmp

      Filesize

      5.7MB

    • memory/1684-1-0x0000000074610000-0x0000000074BBB000-memory.dmp

      Filesize

      5.7MB

    • memory/1684-2-0x0000000002320000-0x0000000002360000-memory.dmp

      Filesize

      256KB

    • memory/1684-4-0x0000000074610000-0x0000000074BBB000-memory.dmp

      Filesize

      5.7MB

    • memory/1684-5-0x0000000002320000-0x0000000002360000-memory.dmp

      Filesize

      256KB

    • memory/3068-3-0x0000000000570000-0x0000000000571000-memory.dmp

      Filesize

      4KB

    • memory/3068-6-0x0000000000570000-0x0000000000571000-memory.dmp

      Filesize

      4KB