6d7f26fcf5753156e3b622cc258a44542d695373f031d552c9158c956bc75a4a | Triage

Analysis

max time kernel
132s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 09:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

关于排查2024年佣金牟取私利专项整治工作台账.exe
Size

365KB
MD5

15a456b2e0040f294b9d3dd90d4e614a
SHA1

32c8aeda0b70bb24eab148bf60a559e7e8d740b0
SHA256

6d7f26fcf5753156e3b622cc258a44542d695373f031d552c9158c956bc75a4a
SHA512

4dda87daa7b098b8aa3aa2d31a7f2e5bafa3ea7c025d7fd219b7cde39e28faa24fbebf33a6d7657b1091a63a8c5c6a1b6a88847035598e9d68381149818d421d
SSDEEP

6144:upcwmAXtqtMWA+c5L6n1Dg6optupm7MKQsft/04mZuribVJEe0:6zCmX6nq3T37/QsqJ0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 1516	3836	关于排查2024年佣金牟取私利专项整治工作台账.exe	91
PID 3836 wrote to memory of 1516	3836	关于排查2024年佣金牟取私利专项整治工作台账.exe	91
PID 1516 wrote to memory of 5060	1516	cmd.exe	93
PID 1516 wrote to memory of 5060	1516	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\关于排查2024年佣金牟取私利专项整治工作台账.exe
"C:\Users\Admin\AppData\Local\Temp\关于排查2024年佣金牟取私利专项整治工作台账.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Windows\system32\cmd.exe
  "cmd" /c "curl -s https://myip.ipip.net/"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\Windows\system32\curl.exe
    curl -s https://myip.ipip.net/
    3⤵
    PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads