Analysis
max time kernel: 150s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 02/06/2024, 01:08
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
Resource
win10v2004-20240426-en
1 signatures
150 seconds
General
Target: 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
Size: 543KB
MD5: 82ccd7e7b55347928c927b1c07418603
SHA1: d1eb072920f8c79e5721f8c30f2cebb1c47c1432
SHA256: 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01
SHA512: f42fc7a513d598138bc9a9e124ee2a3e807ba16d2c328c33588737ea0a96e9aab80b2192666fa00b4d1ae5af7b30555d694e6c1b1a9a6732fc382092b9200ee4
SSDEEP: 12288:vlHeY7ivCc94dpKd23Ql1ff9nB6WY817G:gY2v79Mpib1fVnkW/7
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 21 IoCs
description | pid | Process | procid_target
PID 1152 wrote to memory of 2172 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 29
PID 1152 wrote to memory of 2172 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 29
PID 1152 wrote to memory of 2172 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 29
PID 2172 wrote to memory of 2224 | 2172 | cmd.exe | 30
PID 2172 wrote to memory of 2224 | 2172 | cmd.exe | 30
PID 2172 wrote to memory of 2224 | 2172 | cmd.exe | 30
PID 1152 wrote to memory of 1912 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 31
PID 1152 wrote to memory of 1912 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 31
PID 1152 wrote to memory of 1912 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 31
PID 1152 wrote to memory of 2316 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 32
PID 1152 wrote to memory of 2316 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 32
PID 1152 wrote to memory of 2316 | 1152 | 3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe | 32
PID 2316 wrote to memory of 2252 | 2316 | cmd.exe | 33
PID 2316 wrote to memory of 2252 | 2316 | cmd.exe | 33
PID 2316 wrote to memory of 2252 | 2316 | cmd.exe | 33
PID 2316 wrote to memory of 2232 | 2316 | cmd.exe | 34
PID 2316 wrote to memory of 2232 | 2316 | cmd.exe | 34
PID 2316 wrote to memory of 2232 | 2316 | cmd.exe | 34
PID 2316 wrote to memory of 2000 | 2316 | cmd.exe | 35
PID 2316 wrote to memory of 2000 | 2316 | cmd.exe | 35
PID 2316 wrote to memory of 2000 | 2316 | cmd.exe | 35
Processes
- C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe
  "C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe"
  PID:1152
  Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c MODE CON COLS=56 LINES=19
    PID:2172
    Suspicious use of WriteProcessMemory
    - C:\Windows\system32\mode.com
      MODE CON COLS=56 LINES=19
      PID:2224
  - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    PID:1912
  - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
    PID:2316
    Suspicious use of WriteProcessMemory
    - C:\Windows\system32\certutil.exe
      certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\3539a55edf43300fb9bc7e3d9fc12c7b19e8d9c9bb0683fa06005dd65d5b1a01.exe" MD5
      PID:2252
    - C:\Windows\system32\find.exe
      find /i /v "md5"
      PID:2232
    - C:\Windows\system32\find.exe
      find /i /v "certutil"
      PID:2000