3c8cff994e40cbc806b0ee6e0c3b754b2e3cfcbc0d978cb054d86a8759a34c6f

Analysis

max time kernel
7s
max time network
11s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 13:30

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-25T13:30:57Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win7-20240221-en/instance_4-dirty.qcow2\"}"

Report Analysis Logs

General

Target

SyntaxPlayerLauncher.exe
Size

2.0MB
MD5

e2f2f82432d9e8af61a6691c22c199bd
SHA1

2fe63992e35182fdcc727b33660f0b8d62c241c7
SHA256

3c8cff994e40cbc806b0ee6e0c3b754b2e3cfcbc0d978cb054d86a8759a34c6f
SHA512

db2607522ef5fe32b938f046979d3b5a420f3d6ebdd4067acfcb0ef3ed08e2f1fff7b5e2afda2811d186b8b6b93beaaf04feadf531b9cc8cdcac350c1df8b890
SSDEEP

49152:QbmX2TxBORRmdb9napLY3QxjZl7zMrO5mU7c46n2oE0TzbIv0Nx:QCX2TbSRmN9napLIQxjZl7zMrO5PKtzX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3024	2904	SyntaxPlayerLauncher.exe	29
PID 2904 wrote to memory of 3024	2904	SyntaxPlayerLauncher.exe	29
PID 2904 wrote to memory of 3024	2904	SyntaxPlayerLauncher.exe	29
PID 2904 wrote to memory of 3024	2904	SyntaxPlayerLauncher.exe	29
PID 2904 wrote to memory of 3024	2904	SyntaxPlayerLauncher.exe	29
PID 2904 wrote to memory of 3024	2904	SyntaxPlayerLauncher.exe	29
PID 2904 wrote to memory of 3024	2904	SyntaxPlayerLauncher.exe	29

C:\Users\Admin\AppData\Local\Temp\SyntaxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\SyntaxPlayerLauncher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\cmd.exe
  "cmd" /c cls
  2⤵
  PID:3024

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2608

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2376-1-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2608-0-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download