fa4b3c1dd6c50d2a8f3a8d78c5cf7ee9bd5727a933b578525fdb081a7db3c720 | Triage

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23-01-2024 21:30

Sharing

Report Analysis Logs

General

Target

709b7d37e7d510f503b12830fe20bfe2.exe
Size

21KB
MD5

709b7d37e7d510f503b12830fe20bfe2
SHA1

7b9f213ac7f63b3ac1a4cacbb893fb14b4d57820
SHA256

fa4b3c1dd6c50d2a8f3a8d78c5cf7ee9bd5727a933b578525fdb081a7db3c720
SHA512

2acc50260760c8ea2c651904c3d7c03184f1497f71d3f8d34ae3ed1091910ef5375070ff915317bfe670818ae3fb5245fdf0de7ef1e8c199b04464364ba929e6
SSDEEP

384:MDo0oNAEAnqYLhPjfynF0gtakzRSZVeiEPAPWWf:Ko0oPAqehbanF06a0gP1EPA

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2256	1640	709b7d37e7d510f503b12830fe20bfe2.exe	28
PID 1640 wrote to memory of 2256	1640	709b7d37e7d510f503b12830fe20bfe2.exe	28
PID 1640 wrote to memory of 2256	1640	709b7d37e7d510f503b12830fe20bfe2.exe	28
PID 1640 wrote to memory of 2256	1640	709b7d37e7d510f503b12830fe20bfe2.exe	28

C:\Users\Admin\AppData\Local\Temp\709b7d37e7d510f503b12830fe20bfe2.exe
"C:\Users\Admin\AppData\Local\Temp\709b7d37e7d510f503b12830fe20bfe2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c START service.exe
  2⤵
  PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-18-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2256-10-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download