Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    18-01-2024 03:40

General

  • Target

    645f1bffc8a13d3ee9f788a47362757d.exe

  • Size

    48KB

  • MD5

    645f1bffc8a13d3ee9f788a47362757d

  • SHA1

    5d4632a151f0bb5253b0ffa3877d1c7a62215dfd

  • SHA256

    365421af058d622e1a47dabcccc24d34a565335fc2af0ac0f6233109c366773b

  • SHA512

    d7990c79a5ebe97578035b29cbcb2bdcd758ee5f19c7f1efa7f321d88b6110040982d0e683e45365c27e80b3bb4a9c16c323911e940fb1c7287e0d2316774c74

  • SSDEEP

    1536:RVxTgmAekjFXDGh76t8PBU44SB3J4nnQZlq:RVxTgzeuCMKJJ4SB3JGQnq

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1232
      • C:\Users\Admin\AppData\Local\Temp\645f1bffc8a13d3ee9f788a47362757d.exe
        "C:\Users\Admin\AppData\Local\Temp\645f1bffc8a13d3ee9f788a47362757d.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2968

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1232-0-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

    • memory/1232-8-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

      Filesize

      24KB

    • memory/2968-4-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

    • memory/2968-2-0x0000000000400000-0x000000000040DE42-memory.dmp

      Filesize

      55KB