c32c1bbae041ead274ca21f8d2ca3855262ec85bf8acf128673723a13af3759b | Triage

Analysis

max time kernel
137s
max time network
51s
platform
windows10_x64
resource
win10v200430
submitted
30-05-2020 09:13

Sharing

Report Analysis Logs

General

Target

5781.dll.exe
Size

1.1MB
MD5

3b14b098bd1f2f321add748d56d76604
SHA1

e059a7fd05405f30c76129bd6c1584e8a59d57cb
SHA256

c32c1bbae041ead274ca21f8d2ca3855262ec85bf8acf128673723a13af3759b
SHA512

3a9e7e3f928d9cac383a649d59bf4ee97b57029c09801720da96ba50f5bb96c6c4d4cdf8ce157882b52ee552c9ad34c5bfe9c84e3d844ed6a0fbd7aebb9f1b13

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

5781.dll.exe

description pid process target process

PID 796 wrote to memory of 392 796 5781.dll.exe cmd.exe
PID 796 wrote to memory of 392 796 5781.dll.exe cmd.exe

C:\Users\Admin\AppData\Local\Temp\5781.dll.exe
"C:\Users\Admin\AppData\Local\Temp\5781.dll.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\5781.dll.exe --nofork
2⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\5781.dll.exe
C:\Users\Admin\AppData\Local\Temp\5781.dll.exe --nofork
3⤵
PID:588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NewFile.com

Download Submit
C:\Users\Admin\AppData\Local\Temp\NewFile.txt

Download Submit