f9c5f0943025ab57c6a79ef0e9478e78453a4008faf80e8c680d0ae5a7d9df01 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 21:40

Sharing

Report Analysis Logs

General

Target

loader.exe
Size

14KB
MD5

3e20cc3ab0783a61b54a56f2c41b7997
SHA1

7d9a44a292a18bf61b5382e38bed6bf4b5267a0d
SHA256

f9c5f0943025ab57c6a79ef0e9478e78453a4008faf80e8c680d0ae5a7d9df01
SHA512

90bea85b53dc6187d9c9f9f8bc7a72d2f0229be6d898c500b7c8c0d7d8f7e84b39f9a7a551495f803f42177cdb3273ea58b6b00da28f067ff327ab527de34bc5
SSDEEP

192:PHRwFUb07+97E4h6317Qvl9kb3H8eZ+p9K6TAyMBYH3Q5tfBDY:PHRwCb07+97XItQv7kLcvh0Xi3N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2316	2060	loader.exe	29
PID 2060 wrote to memory of 2316	2060	loader.exe	29
PID 2060 wrote to memory of 2316	2060	loader.exe	29
PID 2060 wrote to memory of 2668	2060	loader.exe	30
PID 2060 wrote to memory of 2668	2060	loader.exe	30
PID 2060 wrote to memory of 2668	2060	loader.exe	30

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\ProgramData\Microsoft\eso.exe
  2⤵
  PID:2316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\ProgramData\Microsoft\eso1.exe
  2⤵
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads