f118e52a73227b85fbb0cb7d202c3753916e518c516286c441a2dc92ede1f023 | Triage

Analysis

max time kernel
61s

Sharing

General

Target

Exes_4f551cb9a7c7d24104c19ac85e55defe.exe
Sample

190823-824vb26wbe
SHA256

f118e52a73227b85fbb0cb7d202c3753916e518c516286c441a2dc92ede1f023

Score

N/A

Malware Config

Signatures

Drops file in system dir 1 IoCs

description
C:\Windows\windefender.exe

Suspicious use of WriteProcessMemory 1 TTPs 1 IoCs

Process Injection

description	pid	Process
PID 1600 wrote to memory of 1780	1780	Process not Found

Executes dropped EXE 1 TTPs

Native API
T1106
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129

Drops file in system dir 1 IoCs

description
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fc-0\Microsoft.PowerShell.GraphicalHost.dll

Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129