Analysis

  • max time kernel
    66s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    07-07-2020 15:12

General

  • Target

    file.exe

  • Size

    243KB

  • MD5

    161bed65887762d55290b8a298aef0f3

  • SHA1

    440a2598ffa5d05c43401d2bc4cd891b2d8ba14c

  • SHA256

    e9e099041f67a2d9aa3088393503bb566166e65fdf97447e48fe26b5447e6f61

  • SHA512

    ab4a5f5698ceb649df706f93e7ecd1d77d9ccdbc6bc55371a986d5d303579a93a531949e21bf6008acb554beaf193a1bbc06ff53d33b094be0f65326b3a94a8f

Score
7/10

Malware Config

Signatures

  • Checks for installed software on the system 1 TTPs 28 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Checks for installed software on the system
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c ping google.com && erase C:\Users\Admin\AppData\Local\Temp\file.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:652
      • C:\Windows\SysWOW64\PING.EXE
        ping google.com
        3⤵
        • Runs ping.exe
        PID:1000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/652-0-0x0000000000000000-mapping.dmp

  • memory/1000-1-0x0000000000000000-mapping.dmp