8c50ce44732912726e5ab0958e4199deee77f904cd746369f37b91e67a9826c6 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 09:52

Sharing

Report Analysis Logs

General

Target

Sysmon.exe
Size

3.5MB
MD5

c2f59c783a26dd480bafcc9955a99f42
SHA1

e6951e1a5d57e5ed56e4ca179258cf269724efa7
SHA256

8c50ce44732912726e5ab0958e4199deee77f904cd746369f37b91e67a9826c6
SHA512

f71f78b9d6845971016b519d05a2eff5783f56b674ab20484e92de0ae1fe3eccb20c8d7cb842bdd6d6d0168896a6e73368b051c254a1cd51de403ad47d31bfdb
SSDEEP

49152:5FarAOQsMZqNYvL9XH/FP8WW2pcinUCGiZ21uYecaBBfE27rf+Sm:5F9sMzL9XHl7s8BBBK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2724	Sysmon.exe

Loads dropped DLL 1 IoCs

pid	Process
1876	Sysmon.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2724	1876	Sysmon.exe	29
PID 1876 wrote to memory of 2724	1876	Sysmon.exe	29
PID 1876 wrote to memory of 2724	1876	Sysmon.exe	29
PID 1876 wrote to memory of 2724	1876	Sysmon.exe	29

C:\Users\Admin\AppData\Local\Temp\Sysmon.exe
"C:\Users\Admin\AppData\Local\Temp\Sysmon.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Users\Admin\AppData\Local\Temp\SYS1798443429\Sysmon.exe
  "C:\Users\Admin\AppData\Local\Temp\Sysmon.exe"
  2⤵
  - Executes dropped EXE
  PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\SYS1798443429\Sysmon.exe

Filesize
1.9MB

MD5
3cc92c9b0b56be9bb7ac2e3c63d3f60f

SHA1
e7cd3eb94ec7111e18e3e62d2291d949db09436c

SHA256
5422e288a3699e1560bf832c8daabc65d78590b6d78c3baa9f788da67dea049d

SHA512
60e8c8a207c7855ed3db301bcd05d5d03956b661563e3ce443429f8ebe71eaaf788167b00029afc84d3d988942511267dd1b02a313f0dc5f826d6833b0b5598d

Download Submit