03aed0b29f20f5cd4383f94d7b716cb2e82b6833fbcaebfe9ed106601d27ddf1

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ac24cfc5d7f835c89fc278932bb0b8a.exe
Size

25KB
MD5

7ac24cfc5d7f835c89fc278932bb0b8a
SHA1

12785868d50f18deaaf6f6bd50e8670078d48ce3
SHA256

03aed0b29f20f5cd4383f94d7b716cb2e82b6833fbcaebfe9ed106601d27ddf1
SHA512

d200575c2715d4a90c7bcd338c3ecc38f344c6bbce385dfb66bc9ff7b96b2e17527439b78cf824a02f9cb00ab6f7df8a70ab9c7116d3d27134ce299d011b7e10
SSDEEP

384:JPynFcb26WxrERwdxcA+oc2fCqOGIIFY8MUFsCqaRTUBeiEyaUltNiq4g:JPynqbGac+GqqON38MUqCqaZUBPZ4g

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe
2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe
2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe
2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe
2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe
2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70
PID 2956 wrote to memory of 3520	2956	7ac24cfc5d7f835c89fc278932bb0b8a.exe	70

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3520
- C:\Users\Admin\AppData\Local\Temp\7ac24cfc5d7f835c89fc278932bb0b8a.exe
  "C:\Users\Admin\AppData\Local\Temp\7ac24cfc5d7f835c89fc278932bb0b8a.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2956-0-0x00000000006C0000-0x00000000006C7000-memory.dmp

Filesize
28KB

Download
memory/2956-1-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download