54a7cf627af0c58e6d9d0f5974b4311da67ab5ae0c28a1885d95b5416d2def0c | Triage

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2024 07:23

Sharing

Report Analysis Logs

General

Target

AntiVm.exe
Size

37.7MB
MD5

a4ee9ea37e9614baa84b2d63bef7d8cf
SHA1

fba36885a95289af033a41ed497d8778dcb6b446
SHA256

54a7cf627af0c58e6d9d0f5974b4311da67ab5ae0c28a1885d95b5416d2def0c
SHA512

7c3b068ed32e22e44bbee08e43b68ebfedd29b8020571fc29d0df177d5e367d6b968779a4a70727ce57d15c632c333fd423bb22d64b6408008d5e6a37bc985d3
SSDEEP

393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfK:fMguj8Q4VfvMqFTrY4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 3060	3688	AntiVm.exe	83
PID 3688 wrote to memory of 3060	3688	AntiVm.exe	83
PID 3060 wrote to memory of 3572	3060	cmd.exe	85
PID 3060 wrote to memory of 3572	3060	cmd.exe	85
PID 640 wrote to memory of 3292	640	cmd.exe	102
PID 640 wrote to memory of 3292	640	cmd.exe	102
PID 3292 wrote to memory of 2312	3292	AntiVm.exe	103
PID 3292 wrote to memory of 2312	3292	AntiVm.exe	103
PID 2312 wrote to memory of 3804	2312	cmd.exe	105
PID 2312 wrote to memory of 3804	2312	cmd.exe	105

C:\Users\Admin\AppData\Local\Temp\AntiVm.exe
"C:\Users\Admin\AppData\Local\Temp\AntiVm.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:3572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:740

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Users\Admin\AppData\Local\Temp\AntiVm.exe
  AntiVm.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2312
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:3804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads