3e4d2943ab33ddc0ee332623962027bb68ae3a956227622428b9579f11192c94 | Triage

Analysis

max time kernel
139s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 19:45

Sharing

Report Analysis Logs

General

Target

bqwvzl40.exe
Size

99KB
MD5

0e14a49865b35f083738ed90e36bb16b
SHA1

97ac5f852e994e1836c5f3d78df743f4dd4e6c28
SHA256

1c59a0eeca0104e735b3cd93aad92c8dbdcbba8928cad8ae66dbaa09227cce55
SHA512

9376cad2ae6499d3f2335c837d9b60f9c943266b9fdff73d9e8662fe771b70de6ae5851aaaa0eb362c04c7427d3fbd3c64f82210cb7527e25c57a36a84f8e435
SSDEEP

1536:89LycnTDeYz5h3nUDgZNhZYPrik10ftD/V72WSI17eJoQOckOeJW:6ycuYzvkDgZhgfs1/59SIUJoQj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2188	1636	bqwvzl40.exe	28
PID 1636 wrote to memory of 2188	1636	bqwvzl40.exe	28
PID 1636 wrote to memory of 2188	1636	bqwvzl40.exe	28
PID 1636 wrote to memory of 2188	1636	bqwvzl40.exe	28

C:\Users\Admin\AppData\Local\Temp\bqwvzl40.exe
"C:\Users\Admin\AppData\Local\Temp\bqwvzl40.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\bqwvzl40.exe
  C:\Users\Admin\AppData\Local\Temp\bqwvzl40.exe --Restart
  2⤵
  PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads