809eb0570ba5abcd4ab012b354b4e1f0311eff595b1988ab0735bf1ab846e632 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 14:04

Sharing

Report Analysis Logs

General

Target

AptSpare.exe
Size

118KB
MD5

cc4b1354e518f62f8365f3cae4d60edb
SHA1

b95bfcf5923fa3c9a07e5625c18160d7095a1a6a
SHA256

2c9b3cfff81b5aed3946f5f3de76f65715a940a2a947bc43e9e14d7cec31b71f
SHA512

380ede255fb30f29d97fdbd8f178ca1b3d4303d1ef4bbcf6933d4b95ecf945e2cefd3fb7f8d0d5656daf00389e63752ad0b5807dace6db3e41e75cc510c0c561
SSDEEP

1536:juXbkBQuIjw8MIa3iFXdDANfTkdh3nKV3+yovmhLVnZPSb5:j0bvuIjw9Ia+N8qK3c+ZnZPSb5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2904	2860	AptSpare.exe	28
PID 2860 wrote to memory of 2904	2860	AptSpare.exe	28
PID 2860 wrote to memory of 2904	2860	AptSpare.exe	28
PID 2860 wrote to memory of 2904	2860	AptSpare.exe	28

C:\Users\Admin\AppData\Local\Temp\AptSpare.exe
"C:\Users\Admin\AppData\Local\Temp\AptSpare.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads