Analysis
- max time kernel: 141s
- max time network: 136s
- platform: windows7_x64
- resource: win7v200430
- submitted: 07-07-2020 05:37

Static task: static1

Behavioral task: behavioral1
- Sample: FIRM ORDER # 2020-1-32410 21981XMH.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: FIRM ORDER # 2020-1-32410 21981XMH.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: FIRM ORDER # 2020-1-32410 21981XMH.exe
- Size: 1.8MB
- MD5: 3349ba62142880bbe6e35dd4a9be5981
- SHA1: f53307dd3ea7e7dfeba1dbd6aa33ffabb3aed628
- SHA256: fae5d87e8771f0025e306697f68afe511275e9772af23dfd081ffbfc0b56f38d
- SHA512: 1dad489fe6ef0d0f99358be688885e10ce2d178b675300e51eff3b169b9952c36e74868d5c8e77388c1ec2c7af895b10e65f21489416caa89de59e746b0a8c37
- Score: 6/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (688 IoCs)
  Processes: FIRM ORDER # 2020-1-32410 21981XMH.exe
  description | pid | process | target process
  PID 824 wrote to memory of 1512 | 824 | FIRM ORDER # 2020-1-32410 21981XMH.exe | ieinstal.exe
  (the same entry is repeated verbatim throughout the 688-IoC listing)
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Adds Run entry to start application (2 TTPs, 1 IoCs)
  Processes: FIRM ORDER # 2020-1-32410 21981XMH.exe
  description | ioc | process
  Set value (str) | \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Fuhk = "C:\\Users\\Admin\\AppData\\Local\\Fuhk\\Fuhk.hta" | FIRM ORDER # 2020-1-32410 21981XMH.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\FIRM ORDER # 2020-1-32410 21981XMH.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\FIRM ORDER # 2020-1-32410 21981XMH.exe" (1⤵)
  - Suspicious use of WriteProcessMemory
  - Adds Run entry to start application
  - C:\Program Files (x86)\internet explorer\ieinstal.exe
    command line: "C:\Program Files (x86)\internet explorer\ieinstal.exe" (2⤵)
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads