Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/01/2024, 05:25
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 767ff65d4ac23c72ff613718bad1c65f.exe
Resource: win7-20231215-en
2 signatures
150 seconds
General
Target: 767ff65d4ac23c72ff613718bad1c65f.exe
Size: 325KB
MD5: 767ff65d4ac23c72ff613718bad1c65f
SHA1: 228a211622dd3a16d94e9a8e52b6b58f789ffa5e
SHA256: 130aab8a31c0ee448e9dfa04b6b5937bb0013aa22583d8fbcc60e75c2c3f1417
SHA512: 84776d6350a5a51c79758df86106fe80ce4bf5297313874959299654883e58525dc52dae018d4cecc3db10cac7962d00298c32df49095d3bffafa215f93421e8
SSDEEP: 6144:8Rrf0xh3Hfr5YwuLpVoG3SyeGl4wVIg4pqSzafxCKEQC8hcLc0fpZGF:Krf0P3HD5Y3lKwYgSKx+4ac0fpZw
Score: 1/10
Malware Config
Signatures
Suspicious behavior: MapViewOfSection (1 IoCs)
pid | Process
2664 | 767ff65d4ac23c72ff613718bad1c65f.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2664 wrote to memory of 2220 | 2664 | 767ff65d4ac23c72ff613718bad1c65f.exe | 28
PID 2664 wrote to memory of 2220 | 2664 | 767ff65d4ac23c72ff613718bad1c65f.exe | 28
PID 2664 wrote to memory of 2220 | 2664 | 767ff65d4ac23c72ff613718bad1c65f.exe | 28
PID 2664 wrote to memory of 2220 | 2664 | 767ff65d4ac23c72ff613718bad1c65f.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\767ff65d4ac23c72ff613718bad1c65f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\767ff65d4ac23c72ff613718bad1c65f.exe"
  PID: 2664
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\767ff65d4ac23c72ff613718bad1c65f.exe"
    PID: 2220