Analysis
- max time kernel: 109s
- max time network: 137s
- platform: windows10_x64
- resource: win10
- submitted: 07-07-2020 05:37

Static task: static1

Behavioral task: behavioral1
- Sample: FIRM ORDER # 2020-1-32410 21981XMH.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: FIRM ORDER # 2020-1-32410 21981XMH.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: FIRM ORDER # 2020-1-32410 21981XMH.exe
- Size: 1.8MB
- MD5: 3349ba62142880bbe6e35dd4a9be5981
- SHA1: f53307dd3ea7e7dfeba1dbd6aa33ffabb3aed628
- SHA256: fae5d87e8771f0025e306697f68afe511275e9772af23dfd081ffbfc0b56f38d
- SHA512: 1dad489fe6ef0d0f99358be688885e10ce2d178b675300e51eff3b169b9952c36e74868d5c8e77388c1ec2c7af895b10e65f21489416caa89de59e746b0a8c37
- Score: 6/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (688 IoCs)
  Processes (description / pid / process / target process):
  PID 3908 wrote to memory of 2800: FIRM ORDER # 2020-1-32410 21981XMH.exe -> ieinstal.exe (the same entry is repeated for each of the 688 IoCs)
- Adds Run entry to start application (2 TTPs, 1 IoC)
  Processes (description / ioc / process):
  Set value (str): \REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Fuhk = "C:\\Users\\Admin\\AppData\\Local\\Fuhk\\Fuhk.hta" (process: FIRM ORDER # 2020-1-32410 21981XMH.exe)
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Processes
- C:\Users\Admin\AppData\Local\Temp\FIRM ORDER # 2020-1-32410 21981XMH.exe (PID 3908)
  Command line: "C:\Users\Admin\AppData\Local\Temp\FIRM ORDER # 2020-1-32410 21981XMH.exe"
  - Suspicious use of WriteProcessMemory
  - Adds Run entry to start application
  - C:\Program Files (x86)\internet explorer\ieinstal.exe (PID 2800)
    Command line: "C:\Program Files (x86)\internet explorer\ieinstal.exe"
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads