Analysis
- max time kernel: 13s
- max time network: 32s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 24-08-2024 06:52
Static task
- static1
- 1 signatures

Behavioral task
- behavioral1
- Sample: downloader.exe
- Resource: win7-20240729-en
- 1 signatures
- 150 seconds
General
- Target: downloader.exe
- Size: 70.1MB
- MD5: dfcb8f3c04b0f4be1effc1f18c98d9ea
- SHA1: 3c44e26a8cda8c8d4ab186f4882117f3023e7006
- SHA256: b550a1e40fb269d8bf54ecfb7615d3eca1d926bcafed4acadf272634a07abb29
- SHA512: 401bffa963c428965682605e5b591a3dc743e6e28f50e4ec6ca1ccfdd4b6128f221eb431ab313ca3cdcf351f68ad680b921cc375ec067d83f72f976c1ce36f46
- SSDEEP: 393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qRsGg4GUo3N9:lWoI7zGP5ahWc3Imz
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: downloader.exe

  description                        pid    process          target process
  PID 2648 wrote to memory of 2712   2648   downloader.exe   cmd.exe
  PID 2648 wrote to memory of 2712   2648   downloader.exe   cmd.exe
  PID 2648 wrote to memory of 2712   2648   downloader.exe   cmd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\downloader.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\downloader.exe"
  PID: 2648
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /d /s /c "start "" "C:\Users\Admin\AppData\Local\Temp\notepadd.exe""
    PID: 2712