4ef82e0e8d5c5f185863aa35c62ef2a944d418b08f6c59aa7a433451714681b5 | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 16:02

Sharing

Report Analysis Logs

General

Target

7d65e15e9df251366d26cd15678b197e.exe
Size

964KB
MD5

7d65e15e9df251366d26cd15678b197e
SHA1

440a6dc246c70f9d5ca48e0713bb09edffd2c929
SHA256

4ef82e0e8d5c5f185863aa35c62ef2a944d418b08f6c59aa7a433451714681b5
SHA512

9c10eba0fc0b9a24d56ee982521b063e321fd15f16c7e5627d02e11ec6d276cb778b2e1cf052452af7ef3c67aa4a26c798546acb1cb3e91709c59d9dc6faf48a
SSDEEP

24576:ylnjI9LmIUu6TVaML+TKWmA7xvRVUTAx83j88RmZ:ylY613NTi8z8qo

Score

1^/10

Malware Config

Signatures

Runs net.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1920	1616	7d65e15e9df251366d26cd15678b197e.exe	28
PID 1616 wrote to memory of 1920	1616	7d65e15e9df251366d26cd15678b197e.exe	28
PID 1616 wrote to memory of 1920	1616	7d65e15e9df251366d26cd15678b197e.exe	28
PID 1616 wrote to memory of 1920	1616	7d65e15e9df251366d26cd15678b197e.exe	28
PID 1616 wrote to memory of 1920	1616	7d65e15e9df251366d26cd15678b197e.exe	28
PID 1616 wrote to memory of 1920	1616	7d65e15e9df251366d26cd15678b197e.exe	28
PID 1616 wrote to memory of 1920	1616	7d65e15e9df251366d26cd15678b197e.exe	28
PID 1920 wrote to memory of 2864	1920	Net.exe	30
PID 1920 wrote to memory of 2864	1920	Net.exe	30
PID 1920 wrote to memory of 2864	1920	Net.exe	30
PID 1920 wrote to memory of 2864	1920	Net.exe	30
PID 1920 wrote to memory of 2864	1920	Net.exe	30
PID 1920 wrote to memory of 2864	1920	Net.exe	30
PID 1920 wrote to memory of 2864	1920	Net.exe	30

C:\Users\Admin\AppData\Local\Temp\7d65e15e9df251366d26cd15678b197e.exe
"C:\Users\Admin\AppData\Local\Temp\7d65e15e9df251366d26cd15678b197e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\Net.exe
  Net Stop PcaSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1920
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 Stop PcaSvc
    3⤵
    PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1616-2-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download