e5dac4e2fbb5d25f56d3fd3f8a3d17d69d1ef2bf12835bef07713e05c12bacdc | Triage

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 06:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MoonWare.exe
Size

89KB
MD5

2362ad594d01c45fee0f41d9f4288e04
SHA1

c2206548169157b0057a0851363a2932deef7939
SHA256

e5dac4e2fbb5d25f56d3fd3f8a3d17d69d1ef2bf12835bef07713e05c12bacdc
SHA512

42696c1bb81d7b2aba5cb3a8ac6c8455f0d516c98128a27e37e0bae0e99c46121fb1b87e5dced56f56ed1e88c35474a944ead88ffca6c45c804dab1039a50d3a
SSDEEP

1536:H7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf9wTOb:b7DhdC6kzWypvaQ0FxyNTBf9x

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2444	2120	MoonWare.exe	32
PID 2120 wrote to memory of 2444	2120	MoonWare.exe	32
PID 2120 wrote to memory of 2444	2120	MoonWare.exe	32
PID 2120 wrote to memory of 2444	2120	MoonWare.exe	32

C:\Users\Admin\AppData\Local\Temp\MoonWare.exe
"C:\Users\Admin\AppData\Local\Temp\MoonWare.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\FEF8.tmp\FEF9.tmp\FEFA.bat C:\Users\Admin\AppData\Local\Temp\MoonWare.exe"
  2⤵
  PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\FEF8.tmp\FEF9.tmp\FEFA.bat

Filesize
11B

MD5
8865aa9369ef062d717b7ec91117395f

SHA1
dccd8a4b9b34cc15c133471cc2ba37322b539835

SHA256
c32ffb6b69a94af5594772853f594e2b49ac71dbdde9fb69925276239d83c060

SHA512
3ee19925a125c01dfcd74a26edb34e84aa0b14a23107ad2b4aab285def24818f6a7a16f10ca76a1e8e7da0c6c80b1a449ff90edfaf61506fce83c18ab47f7201

Download Submit