Analysis
-
max time kernel
145s -
max time network
148s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
24-06-2020 15:06
General
-
Target
23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827.exe
-
Size
1.2MB
-
MD5
c78124cbf501154c3322e594cb076e17
-
SHA1
dd8b28a78383e3435487178509a18a21d1385d61
-
SHA256
23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827
-
SHA512
db3e711f00bf77ee7147f16f5426cf7594bddb2f70731cc97b8f6e28a4b4ba6eae238f51b3c9bcb91338e24e01f12df5801487db98587b961a221f23b0174a1f
Score
10/10
Malware Config
Signatures
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
NetWire RAT payload 1 IoCs
-
Drops startup file 1 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of FindShellTrayWindow 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827.exe"C:\Users\Admin\AppData\Local\Temp\23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827.exe"1⤵
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Drops startup file
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827.exe"C:\Users\Admin\AppData\Local\Temp\23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/504-0-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/504-1-0x000000000040242D-mapping.dmp