5b3b00e926845e44a249f678e9748afb32808fad7e3bb5bf92cde3eeec803752 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 20:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fdc60e8aae7af53a5efee67f3a03dbf5.exe
Size

73KB
MD5

fdc60e8aae7af53a5efee67f3a03dbf5
SHA1

df04f7f1b8dc060fe45c7f6be5f8a7763e81c29a
SHA256

5b3b00e926845e44a249f678e9748afb32808fad7e3bb5bf92cde3eeec803752
SHA512

1217c1abc6ec397febef35b06b9c9d9a18818a4bbd4be22807335f7da07b95150103b8453d0d9b3f0ca35ffc6f414af04128ab21d4f5fc4dda2f5f98b3b468c4
SSDEEP

1536:hbSYv9ZK5QPqfhVWbdsmA+RjPFLC+e5hK0ZGUGf2g:hGYvHNPqfcxA+HFshKOg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 108	1676	fdc60e8aae7af53a5efee67f3a03dbf5.exe	29
PID 1676 wrote to memory of 108	1676	fdc60e8aae7af53a5efee67f3a03dbf5.exe	29
PID 1676 wrote to memory of 108	1676	fdc60e8aae7af53a5efee67f3a03dbf5.exe	29
PID 1676 wrote to memory of 108	1676	fdc60e8aae7af53a5efee67f3a03dbf5.exe	29

C:\Users\Admin\AppData\Local\Temp\fdc60e8aae7af53a5efee67f3a03dbf5.exe
"C:\Users\Admin\AppData\Local\Temp\fdc60e8aae7af53a5efee67f3a03dbf5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 15225.exe
  2⤵
  PID:108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-5-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download