Analysis
max time kernel: 1s
max time network: 22s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/01/2024, 00:52
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: pasterx.exe
Resource: win10v2004-20231222-en
1 signatures
150 seconds
General
Target: pasterx.exe
Size: 346KB
MD5: 8104791042a37b7e7877396962ae2d73
SHA1: f78b25bf8bf391fb5957f2bfa5c7a2422208cf69
SHA256: 2351542285b0a97ffbcef5d0395ddfa7dc6543de167daf1771ac376b756bf22d
SHA512: d87d4bcb8d445c6d5a20f3e9ca951168a4e08e9e82cd3320fe975fe2949a2f2828658a429f3e2b7febf99eb53840393e27d77a5497f963c9a6ad6177e9fc3b8c
SSDEEP: 6144:XIxNn7sZLbVhRIoiP92YBD6kX8Hk/qn3eUR:XVhRW56kX8mqnO
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (8 IoCs)
description                        pid   Process      procid_target
PID 5024 wrote to memory of 3660   5024  pasterx.exe  89
PID 5024 wrote to memory of 3660   5024  pasterx.exe  89
PID 5024 wrote to memory of 2996   5024  pasterx.exe  90
PID 5024 wrote to memory of 2996   5024  pasterx.exe  90
PID 5024 wrote to memory of 4644   5024  pasterx.exe  91
PID 5024 wrote to memory of 4644   5024  pasterx.exe  91
PID 5024 wrote to memory of 1516   5024  pasterx.exe  92
PID 5024 wrote to memory of 1516   5024  pasterx.exe  92
Processes
"C:\Users\Admin\AppData\Local\Temp\pasterx.exe" (PID: 5024)
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\cmd.exe /c color 2 (PID: 3660)
  C:\Windows\system32\cmd.exe /c cls (PID: 2996)
  C:\Windows\system32\cmd.exe /c color 3 (PID: 4644)
  C:\Windows\system32\cmd.exe /c cls (PID: 1516)