786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1 | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 19:39

Sharing

Report Analysis Logs

General

Target

c6b4a2eb53f687988c0427cf752d429f.exe
Size

455KB
MD5

c6b4a2eb53f687988c0427cf752d429f
SHA1

d6b3299043950047524087631f72375b68bfc36d
SHA256

786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1
SHA512

ded0daa7672ade2aabf1695c67441c0c488b8f44170ebd438105936eeac2a4d9fb7da1aef48565bb42caf6807eb4f0157a0de43ddf4731e5d3c428e8cf034dee
SSDEEP

12288:TdmwkAYHSHrxntq1FM3LIU1pJJpjNc91662/TeIXL:TfzksOCL

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2144	c6b4a2eb53f687988c0427cf752d429f.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1724	2144	c6b4a2eb53f687988c0427cf752d429f.exe	28
PID 2144 wrote to memory of 1724	2144	c6b4a2eb53f687988c0427cf752d429f.exe	28
PID 2144 wrote to memory of 1724	2144	c6b4a2eb53f687988c0427cf752d429f.exe	28
PID 2144 wrote to memory of 1724	2144	c6b4a2eb53f687988c0427cf752d429f.exe	28
PID 2144 wrote to memory of 1724	2144	c6b4a2eb53f687988c0427cf752d429f.exe	28

C:\Users\Admin\AppData\Local\Temp\c6b4a2eb53f687988c0427cf752d429f.exe
"C:\Users\Admin\AppData\Local\Temp\c6b4a2eb53f687988c0427cf752d429f.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Users\Admin\AppData\Local\Temp\c6b4a2eb53f687988c0427cf752d429f.exe"
  2⤵
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2144-0-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download