fcba07b4279ce84d7fff0cf6c03fb24c4fd102da6047b1ac9df41a0d90ebf239 | Triage

Analysis

max time kernel
3s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 23:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

136KB
MD5

6a69a6187f9b04ef4f2fcb43716120ec
SHA1

5bc814e70b896817fc73a00d2c533f01d1c36f3f
SHA256

fcba07b4279ce84d7fff0cf6c03fb24c4fd102da6047b1ac9df41a0d90ebf239
SHA512

e3af0a83b5bc0d4c39c234494c3bbe143d10112fdae953469d2b01a5bd0d8d1f3a24b3bdce98be24d60347e12913d883ac3931aec5c3e76c5c30edee85b90cb6
SSDEEP

1536:aMYLkCS6KWoP1/zgIgAeHIo9DsqvWhaOMTzudu2JretpibnqPluKN3VlYuc0Lv6Y:aMYA0Do1/xeV7psLUluAUd+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 4004	4180	main.exe	83
PID 4180 wrote to memory of 4004	4180	main.exe	83

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C C:\Users\Dopa\AppData\Local\Microsoft\WindowsApps\spotify.exe --protocol-uri=spotify://track/4PTG3Z6ehGkBFwjybzWkR8?si=31c974ad24694695&dlsi=7127c5c5323f416c
  2⤵
  PID:4004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4180-0-0x00007FF7DD360000-0x00007FF7DD386000-memory.dmp

Filesize
152KB

Download