f1aa0e9e77cbd7db247d92a981d7bf4f586c7453a78e129a80e8cdd26727f756 | Triage

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 00:57

Sharing

Report Analysis Logs

General

Target

8af9e22ff43f28bf2abb5e26059b28ac.exe
Size

76KB
MD5

8af9e22ff43f28bf2abb5e26059b28ac
SHA1

439d8640f04fddadbf472df019444f5714eb3565
SHA256

f1aa0e9e77cbd7db247d92a981d7bf4f586c7453a78e129a80e8cdd26727f756
SHA512

e0c1e3b49dc66ca1b2ab1e5a9d3e560dd1601a9f73aaedcb84db0fc6b7fff0a4bf4a7b0f12f10f709269134f302307e18cf591b85fcad6a558bdd11dea541665
SSDEEP

1536:8uOo7U2AUgTBoxCU44XxdcaV9biUVe+v1eaof7ck:8uOoQ2AU9xCCOa+UV91izV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1728	1668	8af9e22ff43f28bf2abb5e26059b28ac.exe	23
PID 1668 wrote to memory of 1728	1668	8af9e22ff43f28bf2abb5e26059b28ac.exe	23
PID 1668 wrote to memory of 1728	1668	8af9e22ff43f28bf2abb5e26059b28ac.exe	23

C:\Users\Admin\AppData\Local\Temp\8af9e22ff43f28bf2abb5e26059b28ac.exe
"C:\Users\Admin\AppData\Local\Temp\8af9e22ff43f28bf2abb5e26059b28ac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\8af9e22ff43f28bf2abb5e26059b28ac.exe
  "C:\Users\Admin\AppData\Local\Temp\8af9e22ff43f28bf2abb5e26059b28ac.exe" 6231496753489067719
  2⤵
  PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1728-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1728-12-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download