5518980510be79f425518145724d0e7f7564854667cdb8b7d9f6c0112401eebd | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 08:38

Sharing

Report Analysis Logs

General

Target

LocoyPostGet.exe
Size

184KB
MD5

03da9ce3c14ab2e426f6247a9398c5db
SHA1

34280374c856777e37e6ded86087d8283a5dddec
SHA256

f119eae6b120b9909d0ef5caf4a9179998de8f24d8e3a828818ff6a2ddaf4661
SHA512

c1bf24b01287606d584b8330d751633255f32bbcea355fac0ab30393ac427e72822890f0d2f12226976cf66038f23388f8b9c503204eabcf9c6d4295bf59bc8d
SSDEEP

3072:ZcLDCHLLUDdlJtGNXA66jBahcPXnIOVwXOd59MoNcu:ZLKJuA661aOPXnIOeGFb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2864	1912	LocoyPostGet.exe	28
PID 1912 wrote to memory of 2864	1912	LocoyPostGet.exe	28
PID 1912 wrote to memory of 2864	1912	LocoyPostGet.exe	28

C:\Users\Admin\AppData\Local\Temp\LocoyPostGet.exe
"C:\Users\Admin\AppData\Local\Temp\LocoyPostGet.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 388
  2⤵
  PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-0-0x000007FEF5E0E000-0x000007FEF5E0F000-memory.dmp

Filesize
4KB

Download
memory/1912-1-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

Filesize
9.6MB

Download
memory/1912-3-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

Filesize
9.6MB

Download
memory/2864-2-0x0000000001CA0000-0x0000000001CA1000-memory.dmp

Filesize
4KB

Download