Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-03-2024 11:00
Static task: static1
Behavioral task: behavioral1
  Sample: вирус_v2.0.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: вирус_v2.0.exe
  Resource: win10v2004-20240226-en
General
Target: вирус_v2.0.exe
Size: 155KB
MD5: cd564358f2933adb4259afb672f19911
SHA1: a86753eeb0339f625148b76e4a7fe2f85a8858cc
SHA256: dbc8b3f55307575516d50e820affb2f8f623a9ebc9844fbc4d1e4c8cdef8ff1e
SHA512: b74f61a6e599fe37607b71c1979159773f63045a916c30154f06b73150b763e1332c040457dd722dc881978492f50cbd29e8d003cacff80cb06966d4a785a0cb
SSDEEP: 3072:raFfHgTWmCRkGbKGLeNTBfT16FY24wR+UIDBLCZ/F:W5aWbksiNTBL1sl
Signatures
Suspicious use of WriteProcessMemory (2 IoCs)
description | pid | Process | procid_target
PID 320 wrote to memory of 4016 | 320 | вирус_v2.0.exe | 90
PID 320 wrote to memory of 4016 | 320 | вирус_v2.0.exe | 90
Processes
C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe (PID 320)
  Command line: "C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe"
  Signature: Suspicious use of WriteProcessMemory
  C:\Windows\system32\cmd.exe (PID 4016)
    Command line: "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3BF0.tmp\3BF1.tmp\3BF2.bat C:\Users\Admin\AppData\Local\Temp\вирус_v2.0.exe"
Downloads
Filesize: 246B
MD5: bdbebba28b6b37e48a6e0a0baa3837cd
SHA1: 4bb511e888997be7ebac0b5d8ff1f90be6141843
SHA256: 4c30117451d4e1a235f30a6a3d0ff654fd179caaca0edb3e20f7aafedc22df12
SHA512: 422f6af590fae3c50d4259a52d025e603229e741d7be93a13573ab64a747a3199658400888e972e0255566afc2d721c335041cca05b4142d46630540867b875d