Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
18-01-2024 03:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
645f1bffc8a13d3ee9f788a47362757d.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
645f1bffc8a13d3ee9f788a47362757d.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
645f1bffc8a13d3ee9f788a47362757d.exe
-
Size
48KB
-
MD5
645f1bffc8a13d3ee9f788a47362757d
-
SHA1
5d4632a151f0bb5253b0ffa3877d1c7a62215dfd
-
SHA256
365421af058d622e1a47dabcccc24d34a565335fc2af0ac0f6233109c366773b
-
SHA512
d7990c79a5ebe97578035b29cbcb2bdcd758ee5f19c7f1efa7f321d88b6110040982d0e683e45365c27e80b3bb4a9c16c323911e940fb1c7287e0d2316774c74
-
SSDEEP
1536:RVxTgmAekjFXDGh76t8PBU44SB3J4nnQZlq:RVxTgzeuCMKJJ4SB3JGQnq
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2968 | 645f1bffc8a13d3ee9f788a47362757d.exe
2968 | 645f1bffc8a13d3ee9f788a47362757d.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
description | pid | Process | procid_target
PID 2968 wrote to memory of 1232 | 2968 | 645f1bffc8a13d3ee9f788a47362757d.exe | 16
PID 2968 wrote to memory of 1232 | 2968 | 645f1bffc8a13d3ee9f788a47362757d.exe | 16
PID 2968 wrote to memory of 1232 | 2968 | 645f1bffc8a13d3ee9f788a47362757d.exe | 16
PID 2968 wrote to memory of 1232 | 2968 | 645f1bffc8a13d3ee9f788a47362757d.exe | 16
PID 2968 wrote to memory of 1232 | 2968 | 645f1bffc8a13d3ee9f788a47362757d.exe | 16
PID 2968 wrote to memory of 1232 | 2968 | 645f1bffc8a13d3ee9f788a47362757d.exe | 16
Processes
-
C:\Windows\Explorer.EXE C:\Windows\Explorer.EXE 1 ⤵ PID:1232
-
C:\Users\Admin\AppData\Local\Temp\645f1bffc8a13d3ee9f788a47362757d.exe "C:\Users\Admin\AppData\Local\Temp\645f1bffc8a13d3ee9f788a47362757d.exe" 2 ⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2968
-