015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c | Triage

Analysis

max time kernel
117s
max time network
113s
platform
windows10_x64
resource
win10v200410
submitted
20-04-2020 13:26

Sharing

Report Analysis Logs

General

Target

015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe
Size

947KB
MD5

f022941552a599fb73f8da08bdfc7916
SHA1

4ce5df2aa24467ede3d8cb7c4c75ec0e2326c48e
SHA256

015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c
SHA512

90a30aa850a918f65ad304e9b5d72ff8e6bc92a5f7653dbfd658853ee6927874faf2c07ab7f919fcdcdb84f9dfbfa86c9a8e84a56b36bf457b634d336acd2001

Score

7^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe

pid	process
4088	015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe
4088	015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe

Loads dropped DLL 1 IoCs

Processes:

015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe

pid process

4088 015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe

C:\Users\Admin\AppData\Local\Temp\015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe
"C:\Users\Admin\AppData\Local\Temp\015f68131e14117e77673f134a4fbfc0a7b80e118eb98804055dbba70926bf8c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Loads dropped DLL
PID:4088

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k networkservice -s TapiSrv
1⤵
PID:3904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\9A26.tmp

Download Submit