fff71b70310cac2460f312ba97dce43aef7a7d0851d4955e332fc895d680a390 | Triage

Analysis

max time kernel
131s
max time network
140s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
24-02-2024 15:23

Sharing

Report Analysis Logs

General

Target

severe_1/severe/software.exe
Size

290KB
MD5

0fdf86712b07b8568aaae81f505e9d54
SHA1

494fd0668d5f68bd2cf50c0d5d0d83faff49645e
SHA256

d3a080343f8c365724a55a0a0e7f9c0e85c69b3559a524b6c449232e63954bbf
SHA512

860b1ab6c3e0bb40404ecf91ae38179bc2adc2b6477348ade661d6cb4b6ca367a6c9806528e82962d62ca401fdee374d5f15b13e864a16fd03023c8bd9de1ae8
SSDEEP

6144:we4j+ZP8pFb7nMyKphq+pcsrRe5+gmCI5QeAg:z4RnnMyKb9Ssro+nt

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2720	software.exe
2720	software.exe
2720	software.exe
2720	software.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 4356	2720	software.exe	73
PID 2720 wrote to memory of 4356	2720	software.exe	73
PID 4356 wrote to memory of 508	4356	cmd.exe	74
PID 4356 wrote to memory of 508	4356	cmd.exe	74

C:\Users\Admin\AppData\Local\Temp\severe_1\severe\software.exe
"C:\Users\Admin\AppData\Local\Temp\severe_1\severe\software.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c updater.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4356
- - C:\Users\Admin\AppData\Local\Temp\severe_1\severe\updater.exe
    updater.exe
    3⤵
    PID:508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads