611fd5b9d018315c80b4e858948220df8c31ec01af88b616d46c7b00ed9e4a96 | Triage

Resubmissions

31-12-2023 14:51

231231-r8gkpagfbm 3

31-12-2023 14:50

231231-r7qrzagfbj 3

Analysis

max time kernel
5s
max time network
130s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:51

Sharing

Report Analysis Logs

General

Target

Reversed.exe
Size

640KB
MD5

625964eb5cf0fdc1d5b77666359a8dd5
SHA1

3d8daa1734db83eb1f3cfa85a349c3da4a6bb4aa
SHA256

611fd5b9d018315c80b4e858948220df8c31ec01af88b616d46c7b00ed9e4a96
SHA512

9b1d3cf96c5056a69325a3374f569b608ab2e788cdaf29739c09d425df8d403669216e93292c7cac403baa87d7e5fb139fd3a9375ff7b54c22decc133aa128a0
SSDEEP

12288:fsbxmVj6hhwcxc0XW1kescUbHykjksx2BwdEYRgxrxJEaqr:fsAVj6hecenscUbS3u2qEYRKrxJEn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2996	2908	Reversed.exe	32
PID 2908 wrote to memory of 2996	2908	Reversed.exe	32
PID 2908 wrote to memory of 2996	2908	Reversed.exe	32
PID 2996 wrote to memory of 2992	2996	cmd.exe	31
PID 2996 wrote to memory of 2992	2996	cmd.exe	31
PID 2996 wrote to memory of 2992	2996	cmd.exe	31
PID 2996 wrote to memory of 2172	2996	cmd.exe	30
PID 2996 wrote to memory of 2172	2996	cmd.exe	30
PID 2996 wrote to memory of 2172	2996	cmd.exe	30
PID 2996 wrote to memory of 3024	2996	cmd.exe	29
PID 2996 wrote to memory of 3024	2996	cmd.exe	29
PID 2996 wrote to memory of 3024	2996	cmd.exe	29

C:\Users\Admin\AppData\Local\Temp\Reversed.exe
"C:\Users\Admin\AppData\Local\Temp\Reversed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Reversed.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2996

C:\Windows\system32\find.exe
find /i /v "certutil"
1⤵
PID:3024

C:\Windows\system32\find.exe
find /i /v "md5"
1⤵
PID:2172

C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Reversed.exe" MD5
1⤵
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads