39ef4f295558c6ce7cce0ca1fb961602b74a2dff85df72619b205178099d589e | Triage

Analysis

max time kernel
245s
max time network
247s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18/08/2024, 19:43

Sharing

Report Analysis Logs

General

Target

ExReporter/ExMailer.exe
Size

2.1MB
MD5

064fa4a00d66d9ff867af9f3d94c884c
SHA1

bc6ebc9896fe24475c4a8b6256a491c03ab4b9d7
SHA256

86109df82716f68dd680963cf9bb7aa2480fc927ce4ee2eb874add4406974dd6
SHA512

bdcde1fddf0dcadcd3b1cb91a9b2de11ddc59b4f8641101227646d7e6a04bab1f2609bb600f196686204eba97cfe31e874361306cc02cea6fc63a81020a45a72
SSDEEP

49152:fZpE4/Mb5JyoQIk+xyVzKCNdvLc1LtJQKWUPpIdzNiR:hpE/FFkqytKC4LtzhQg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 1376	3404	ExMailer.exe	75
PID 3404 wrote to memory of 1376	3404	ExMailer.exe	75

C:\Users\Admin\AppData\Local\Temp\ExReporter\ExMailer.exe
"C:\Users\Admin\AppData\Local\Temp\ExReporter\ExMailer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads