2351542285b0a97ffbcef5d0395ddfa7dc6543de167daf1771ac376b756bf22d

Analysis

max time kernel
1s
max time network
22s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pasterx.exe
Size

346KB
MD5

8104791042a37b7e7877396962ae2d73
SHA1

f78b25bf8bf391fb5957f2bfa5c7a2422208cf69
SHA256

2351542285b0a97ffbcef5d0395ddfa7dc6543de167daf1771ac376b756bf22d
SHA512

d87d4bcb8d445c6d5a20f3e9ca951168a4e08e9e82cd3320fe975fe2949a2f2828658a429f3e2b7febf99eb53840393e27d77a5497f963c9a6ad6177e9fc3b8c
SSDEEP

6144:XIxNn7sZLbVhRIoiP92YBD6kX8Hk/qn3eUR:XVhRW56kX8mqnO

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 3660	5024	pasterx.exe	89
PID 5024 wrote to memory of 3660	5024	pasterx.exe	89
PID 5024 wrote to memory of 2996	5024	pasterx.exe	90
PID 5024 wrote to memory of 2996	5024	pasterx.exe	90
PID 5024 wrote to memory of 4644	5024	pasterx.exe	91
PID 5024 wrote to memory of 4644	5024	pasterx.exe	91
PID 5024 wrote to memory of 1516	5024	pasterx.exe	92
PID 5024 wrote to memory of 1516	5024	pasterx.exe	92

C:\Users\Admin\AppData\Local\Temp\pasterx.exe
"C:\Users\Admin\AppData\Local\Temp\pasterx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 2
  2⤵
  PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 3
  2⤵
  PID:4644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5024-0-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-1-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-2-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-3-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-4-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-5-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-6-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-7-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-8-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-9-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-10-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-11-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-12-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-13-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-14-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-15-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-16-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download
memory/5024-17-0x000002801BBB0000-0x000002801BBB1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads