52594dae04135a7be866b5a1e1a12328d6d3fcdadeedfd5f8a267d7d67974165 | Triage

Analysis

max time kernel
129s
max time network
42s
platform
windows7_x64
resource
win7v200430
submitted
29-05-2020 19:54

Sharing

Report Analysis Logs

General

Target

Swift-NTMO8112.r11.exe
Size

369KB
MD5

8d09522ab3445893fd7f7591b73855d7
SHA1

3628b248c39e81f0f493f54e215ac06ba7bd85bd
SHA256

52594dae04135a7be866b5a1e1a12328d6d3fcdadeedfd5f8a267d7d67974165
SHA512

c30651c8db6ebc9cd6f4ac0d03a0e428ab17fbfb82cd984be05dd55ef1b46b37340146b7970068aff3baceefad0001aef3070004e8757234c2fa14ac100363b5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Swift-NTMO8112.r11.exe

description	pid	process	target process
PID 280 wrote to memory of 1836	280	Swift-NTMO8112.r11.exe	dw20.exe
PID 280 wrote to memory of 1836	280	Swift-NTMO8112.r11.exe	dw20.exe
PID 280 wrote to memory of 1836	280	Swift-NTMO8112.r11.exe	dw20.exe
PID 280 wrote to memory of 1836	280	Swift-NTMO8112.r11.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\Swift-NTMO8112.r11.exe
"C:\Users\Admin\AppData\Local\Temp\Swift-NTMO8112.r11.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:280

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 460
2⤵
PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1836-0-0x0000000001E70000-0x0000000001E81000-memory.dmp

Filesize
68KB

Download