d002f780f4c4f974fcc6bbbc5021b4c19bf8e17a34ea0db5b5ec8c745d4de9cb

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2548917101f1bdc62a54beaaa29c76ac.exe
Size

178KB
MD5

2548917101f1bdc62a54beaaa29c76ac
SHA1

766a2ea2bf744a4aa637e00403eefc618a0aad12
SHA256

d002f780f4c4f974fcc6bbbc5021b4c19bf8e17a34ea0db5b5ec8c745d4de9cb
SHA512

792bf01f0be8c8e13a8aaa25fda77d75afe28a0da4531d8bf88cf65fc0dd4c207143c13f4137ed73c16934749802620af0c90b93a018fbd3625c751d6b2e6506
SSDEEP

3072:EEpO+x8pNbsbLpDa4Jisk7sLQcw+biUsOWWqTWW:EEM+x8pNbsbLprJrBLZwYzjr6/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3032	2548917101f1bdc62a54beaaa29c76ac.exe
3032	2548917101f1bdc62a54beaaa29c76ac.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1272	3032	2548917101f1bdc62a54beaaa29c76ac.exe	10
PID 3032 wrote to memory of 1272	3032	2548917101f1bdc62a54beaaa29c76ac.exe	10
PID 3032 wrote to memory of 1272	3032	2548917101f1bdc62a54beaaa29c76ac.exe	10
PID 3032 wrote to memory of 1272	3032	2548917101f1bdc62a54beaaa29c76ac.exe	10
PID 3032 wrote to memory of 1272	3032	2548917101f1bdc62a54beaaa29c76ac.exe	10
PID 3032 wrote to memory of 1272	3032	2548917101f1bdc62a54beaaa29c76ac.exe	10

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1272
- C:\Users\Admin\AppData\Local\Temp\2548917101f1bdc62a54beaaa29c76ac.exe
  "C:\Users\Admin\AppData\Local\Temp\2548917101f1bdc62a54beaaa29c76ac.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1272-9-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1272-20-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/3032-3-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3032-12-0x0000000075FE0000-0x00000000760F0000-memory.dmp

Filesize
1.1MB

Download
memory/3032-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3032-2-0x0000000000260000-0x0000000000299000-memory.dmp

Filesize
228KB

Download
memory/3032-6-0x0000000077A00000-0x0000000077A01000-memory.dmp

Filesize
4KB

Download
memory/3032-7-0x00000000779FF000-0x0000000077A00000-memory.dmp

Filesize
4KB

Download
memory/3032-5-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/3032-4-0x00000000004C0000-0x00000000004D0000-memory.dmp

Filesize
64KB

Download
memory/3032-13-0x00000000004C0000-0x00000000004D0000-memory.dmp

Filesize
64KB

Download
memory/3032-15-0x0000000077A01000-0x0000000077A02000-memory.dmp

Filesize
4KB

Download
memory/3032-19-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3032-17-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/3032-1-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/3032-33-0x0000000077A38000-0x0000000077A39000-memory.dmp

Filesize
4KB

Download
memory/3032-34-0x0000000075FE0000-0x00000000760F0000-memory.dmp

Filesize
1.1MB

Download
memory/3032-35-0x0000000000260000-0x0000000000299000-memory.dmp

Filesize
228KB

Download