7a665c78718b50a3a482da32c0b88f7c5c03ad29a70d59cc9186dbc54a3ea884

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7659d2c0ce0505eb24693761d6655c56.exe
Size

172KB
MD5

7659d2c0ce0505eb24693761d6655c56
SHA1

8b24adc3a6160fdcc2661139c6a63bb20d0f87b7
SHA256

7a665c78718b50a3a482da32c0b88f7c5c03ad29a70d59cc9186dbc54a3ea884
SHA512

b3f7793a8f0ce1160bb0954d035be864f31742070f6c171651996afbac2e51d379dedbfef573198a1da434ef7367bd02e8e9a2d6b35fe85ba134bdfee4fd7224
SSDEEP

3072:QknIZjK/nRhby8WpnCrH2+mX5mF5iUzakPhpY8y5PXe233Wo6N1n/WDEvcCRqFns:QkIZui2HkX5mPiUzDaRGzN1/Wo0Cy16

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2168	7659d2c0ce0505eb24693761d6655c56.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1204	2168	7659d2c0ce0505eb24693761d6655c56.exe	13
PID 2168 wrote to memory of 1204	2168	7659d2c0ce0505eb24693761d6655c56.exe	13
PID 2168 wrote to memory of 1204	2168	7659d2c0ce0505eb24693761d6655c56.exe	13
PID 2168 wrote to memory of 1204	2168	7659d2c0ce0505eb24693761d6655c56.exe	13
PID 2168 wrote to memory of 1204	2168	7659d2c0ce0505eb24693761d6655c56.exe	13
PID 2168 wrote to memory of 1204	2168	7659d2c0ce0505eb24693761d6655c56.exe	13

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204
- C:\Users\Admin\AppData\Local\Temp\7659d2c0ce0505eb24693761d6655c56.exe
  "C:\Users\Admin\AppData\Local\Temp\7659d2c0ce0505eb24693761d6655c56.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-7-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1204-20-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2168-10-0x00000000761C0000-0x00000000762D0000-memory.dmp

Filesize
1.1MB

Download
memory/2168-11-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2168-5-0x000000007792F000-0x0000000077930000-memory.dmp

Filesize
4KB

Download
memory/2168-4-0x0000000077930000-0x0000000077931000-memory.dmp

Filesize
4KB

Download
memory/2168-6-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/2168-3-0x0000000001F10000-0x0000000001F20000-memory.dmp

Filesize
64KB

Download
memory/2168-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2168-2-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2168-14-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2168-13-0x0000000000390000-0x00000000003A0000-memory.dmp

Filesize
64KB

Download
memory/2168-16-0x0000000077931000-0x0000000077932000-memory.dmp

Filesize
4KB

Download
memory/2168-12-0x0000000000260000-0x0000000000299000-memory.dmp

Filesize
228KB

Download
memory/2168-18-0x0000000001D60000-0x0000000001E60000-memory.dmp

Filesize
1024KB

Download
memory/2168-1-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/2168-33-0x0000000077968000-0x0000000077969000-memory.dmp

Filesize
4KB

Download
memory/2168-34-0x00000000761C0000-0x00000000762D0000-memory.dmp

Filesize
1.1MB

Download