e04977f7d1fbf8b3a69237bbd2170af6c3046a8ce29e2732cd7c72f079f0e0f8 | Triage

Analysis

max time kernel
115s
max time network
115s
platform
windows10_x64
resource
win10
submitted
24-06-2020 15:09

Sharing

Report Analysis Logs

General

Target

871ae1394889d6e1d9532c47d922091e.exe
Size

736KB
MD5

871ae1394889d6e1d9532c47d922091e
SHA1

ade45b1d4c1cca9b47e859f242b28b06431a3e9f
SHA256

e04977f7d1fbf8b3a69237bbd2170af6c3046a8ce29e2732cd7c72f079f0e0f8
SHA512

ed80414336dad96b558a9dcca9f0271bf48ef0bf343c74be9c3a88094f94b8faf507dc36f4bf5ba515d6fb024c0ab5f21e5a3994f57ecd43639b9e268562a2d9

Score

5^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

871ae1394889d6e1d9532c47d922091e.exe

description	pid	process	target process
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe
PID 3544 wrote to memory of 4060	3544	871ae1394889d6e1d9532c47d922091e.exe	871ae1394889d6e1d9532c47d922091e.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

871ae1394889d6e1d9532c47d922091e.exe

description pid process target process

PID 3544 set thread context of 4060 3544 871ae1394889d6e1d9532c47d922091e.exe 871ae1394889d6e1d9532c47d922091e.exe

C:\Users\Admin\AppData\Local\Temp\871ae1394889d6e1d9532c47d922091e.exe
"C:\Users\Admin\AppData\Local\Temp\871ae1394889d6e1d9532c47d922091e.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:3544

C:\Users\Admin\AppData\Local\Temp\871ae1394889d6e1d9532c47d922091e.exe
"{path}"
2⤵
PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4060-0-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download
memory/4060-1-0x000000000043F5F5-mapping.dmp

Download
memory/4060-2-0x0000000000400000-0x0000000000490000-memory.dmp

Filesize
576KB

Download