ae61403ca3964f4452b55dcdfb7560cbf89808339293fa11017f69e7883f1b10

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66ef5bfab42242151db8d978ff9cd367.exe
Size

16KB
MD5

66ef5bfab42242151db8d978ff9cd367
SHA1

789d9e6d664fa4a85c7ed5eb8133c79538c1e019
SHA256

ae61403ca3964f4452b55dcdfb7560cbf89808339293fa11017f69e7883f1b10
SHA512

af8f17f8fd3974f548bbfec8c9211b6ffabe0c008c62e034e985418cfdfabde902550ec6f0c74794392549295a699eb4ea6f3a7a26687368d43a3a12971e4b8f
SSDEEP

192:l7LlOPb00GZI6WpodvfQoEhyLPkdTp74r2hItgaBacKAN4mw:lNcGZ3JvPsmr2hItgzlm

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1856	66ef5bfab42242151db8d978ff9cd367.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12
PID 1856 wrote to memory of 1260	1856	66ef5bfab42242151db8d978ff9cd367.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1260
- C:\Users\Admin\AppData\Local\Temp\66ef5bfab42242151db8d978ff9cd367.exe
  "C:\Users\Admin\AppData\Local\Temp\66ef5bfab42242151db8d978ff9cd367.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1856-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download