ae61403ca3964f4452b55dcdfb7560cbf89808339293fa11017f69e7883f1b10

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66ef5bfab42242151db8d978ff9cd367.exe
Size

16KB
MD5

66ef5bfab42242151db8d978ff9cd367
SHA1

789d9e6d664fa4a85c7ed5eb8133c79538c1e019
SHA256

ae61403ca3964f4452b55dcdfb7560cbf89808339293fa11017f69e7883f1b10
SHA512

af8f17f8fd3974f548bbfec8c9211b6ffabe0c008c62e034e985418cfdfabde902550ec6f0c74794392549295a699eb4ea6f3a7a26687368d43a3a12971e4b8f
SSDEEP

192:l7LlOPb00GZI6WpodvfQoEhyLPkdTp74r2hItgaBacKAN4mw:lNcGZ3JvPsmr2hItgzlm

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2316	66ef5bfab42242151db8d978ff9cd367.exe
2316	66ef5bfab42242151db8d978ff9cd367.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36
PID 2316 wrote to memory of 3332	2316	66ef5bfab42242151db8d978ff9cd367.exe	36

C:\Users\Admin\AppData\Local\Temp\66ef5bfab42242151db8d978ff9cd367.exe
"C:\Users\Admin\AppData\Local\Temp\66ef5bfab42242151db8d978ff9cd367.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2316

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2316-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2316-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download