b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe
Size

191KB
MD5

fe77d628901694a44391928b9eaa5ef0
SHA1

434e9891c36d767e90d9f004c18e9a0fe4c1de52
SHA256

b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9
SHA512

81ebb218f7e980c60a4e7f572d609c6aae9f124609c7ff8b1b18e8d925503e3de992e1a7eddec863dcf73416eea31a2ae90906e12fb56c8890296703385fc9c2
SSDEEP

3072:I82162ffD2O2U9PGAZRc8SDdw0Gd3gbPD2gGm8IRZjB2tC0r5Lvet++6Qqwkv4rb:I8G6ufD7pPbc7pn8QbPDVZ3RD+C0la6B

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe
1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 1376	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	20
PID 1288 wrote to memory of 1376	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	20
PID 1288 wrote to memory of 1376	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	20
PID 1288 wrote to memory of 1232	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	18
PID 1288 wrote to memory of 1232	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	18
PID 1288 wrote to memory of 1232	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	18
PID 1288 wrote to memory of 1328	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	19
PID 1288 wrote to memory of 1328	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	19
PID 1288 wrote to memory of 1328	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	19
PID 1288 wrote to memory of 1376	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	20
PID 1288 wrote to memory of 1376	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	20
PID 1288 wrote to memory of 1376	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	20
PID 1288 wrote to memory of 1072	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	22
PID 1288 wrote to memory of 1072	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	22
PID 1288 wrote to memory of 1072	1288	b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe	22

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1232

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1328

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1376
- C:\Users\Admin\AppData\Local\Temp\b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe
  "C:\Users\Admin\AppData\Local\Temp\b9fea94be4dc076112d393ae7aa81e9e254b38e1c1c12f852d853355179b89a9N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1288

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1288-0-0x0000000000407000-0x0000000000409000-memory.dmp

Filesize
8KB

Download
memory/1288-2-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1376-8-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1376-5-0x000000007EF90000-0x000000007EFC0000-memory.dmp

Filesize
192KB

Download
memory/1376-1-0x000000007EFC0000-0x000000007EFD1000-memory.dmp

Filesize
68KB

Download