4456f9a5d25296d8e6e184d50ec5355f01848263ce32e8379120a1077194a5ba | Triage

Analysis

max time kernel
212s
max time network
220s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
15/05/2024, 17:48

Sharing

Report Analysis Logs

General

Target

64.exe
Size

7KB
MD5

e1517885f6c71f7b3dafa6d4610c4762
SHA1

01edbfd0a59d9addad0f30c5777351c484c1fcd1
SHA256

4456f9a5d25296d8e6e184d50ec5355f01848263ce32e8379120a1077194a5ba
SHA512

4c947836d668dac764f0945c3438a0e1aae6c647560907a96096a6af9795a4b753f1c138e526d06029d364a28e900cbca07566c56df14764d232e3bacbca6c93
SSDEEP

24:eFGStrJ9u0/631vnZdEBQAV8aKq9K9qPIeNDJSqUmZEWdXCIGDpmB:is0w1LEBQpE9dISDoqUjWZCSB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 1868	3940	64.exe	82
PID 3940 wrote to memory of 1868	3940	64.exe	82

C:\Users\Admin\AppData\Local\Temp\64.exe
"C:\Users\Admin\AppData\Local\Temp\64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\SYSTEM32\cmd.exe
  cmd
  2⤵
  PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3940-0-0x0000000140000000-0x0000000140004248-memory.dmp

Filesize
16KB

Download