b43b1c5c0b273a752b054d1109ace00f24d5c7b24b96659abcf8033a7454c90b | Triage

Analysis

max time kernel
110s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 16:01

Sharing

Report Analysis Logs

General

Target

Reactor Control.exe
Size

215KB
MD5

0df7746babc3bc68e655e7dab9d57e1d
SHA1

d19b8824341cb7440a634b6a1fbfa2909423a9e5
SHA256

1697a7ca1b9ab9b0478075ac0f244cd0f0985540f3f75d6b87391b7ad73d1ce4
SHA512

e82dd73c61637c464f29df2a22f92b8f7cee6ae57b85ede6fe3a98484e405b8cdc991f5435229132a14cfabe00836c5f7eed99e21e21de9858a802f712098eea
SSDEEP

3072:kWscZhFNGfajJy7gb3ftFfThikJqElwzuMx7za+s:Bgfz7grTTsZa+s

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 3528	1816	Reactor Control.exe	81
PID 1816 wrote to memory of 3528	1816	Reactor Control.exe	81

C:\Users\Admin\AppData\Local\Temp\Reactor Control.exe
"C:\Users\Admin\AppData\Local\Temp\Reactor Control.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1816-2-0x00007FFA690F0000-0x00007FFA69106000-memory.dmp

Filesize
88KB

Download
memory/1816-1-0x00007FFA6C8E0000-0x00007FFA6C904000-memory.dmp

Filesize
144KB

Download
memory/1816-0-0x00007FF7A8AF0000-0x00007FF7A8B26000-memory.dmp

Filesize
216KB

Download
memory/1816-3-0x00007FFA63040000-0x00007FFA6326E000-memory.dmp

Filesize
2.2MB

Download