1e367c6e20ff83d3180ffb42f3b6b4e795742c53b55cd0f43ef70765b0fa4a87 | Triage

Analysis

max time kernel
150s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 13:37

Sharing

Report Analysis Logs

General

Target

new_mapper.exe
Size

67KB
MD5

14693a72970866a88e78ca5feae0401c
SHA1

7f9f048e5c5970b3c86896302c72839cc8891c14
SHA256

1e367c6e20ff83d3180ffb42f3b6b4e795742c53b55cd0f43ef70765b0fa4a87
SHA512

7cda6a17a65f71ce7be291064d0eb7018c70d8e0512e38b414897a0aa87e6419eb8994e3362d673a99b79c74b4adaade85b43da640307f05ae81e1369048291a
SSDEEP

1536:AIA0xDKhqux8+plRmFzUSyeNkwe5u4Esa:AIFDyrx8URm5mJPu4Es

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 3684	4472	cmd.exe	100
PID 4472 wrote to memory of 3684	4472	cmd.exe	100

C:\Users\Admin\AppData\Local\Temp\new_mapper.exe
"C:\Users\Admin\AppData\Local\Temp\new_mapper.exe"
1⤵
PID:1080

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4856

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Users\Admin\AppData\Local\Temp\new_mapper.exe
  new_mapper.exe
  2⤵
  PID:3684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads