fa63d4149c5ee8f50fdaf58898c95120328032a19e62792d60f9959aed59ef15 | Triage

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 17:19

Sharing

Report Analysis Logs

General

Target

d6af541f693b8b43c1e4fc3827a3156b.exe
Size

35KB
MD5

d6af541f693b8b43c1e4fc3827a3156b
SHA1

d44423570a4ef86b8ed2487b4cdb26e3b1dbb35f
SHA256

fa63d4149c5ee8f50fdaf58898c95120328032a19e62792d60f9959aed59ef15
SHA512

40f397703231d82a57ba7237bf1a5301dcc60d0ee31a60f2d651cf57f8b09aabd469e43252d43b7411cf35c1e357ed349c009d39675d2df796b67cf279e1902f
SSDEEP

768:uLJRUQtQRvSwi6j+tcoP1R41CXEdx3jW3qVW6O:AQtSwit31fXG3j9O

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2628	2788	d6af541f693b8b43c1e4fc3827a3156b.exe	29
PID 2788 wrote to memory of 2628	2788	d6af541f693b8b43c1e4fc3827a3156b.exe	29
PID 2788 wrote to memory of 2628	2788	d6af541f693b8b43c1e4fc3827a3156b.exe	29
PID 2788 wrote to memory of 2628	2788	d6af541f693b8b43c1e4fc3827a3156b.exe	29

C:\Users\Admin\AppData\Local\Temp\d6af541f693b8b43c1e4fc3827a3156b.exe
"C:\Users\Admin\AppData\Local\Temp\d6af541f693b8b43c1e4fc3827a3156b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\5235.tmp\RemNodR.bat""
  2⤵
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5235.tmp\RemNodR.bat

Filesize
64B

MD5
ec58639374061b3416f74504757891da

SHA1
a19814abb58f88e5a140476ada71ab0abb34cd40

SHA256
65cb0c529bdb9370ef3946f11694fd768e2e57bc4a89aca7078e899dea854ce4

SHA512
1dbf3c8e9b66f2972de2e84b3c1c6f41609f27453702fab4c4f5fdc7db8b431acd80456d206bf2fe1215a10b30998442cdc44709af866fe1536245a941d7af23

Download Submit