Analysis
-
max time kernel
129s -
max time network
79s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
07-07-2020 12:45
General
-
Target
A2VqQ8z8Ip8FrFi.exe
-
Size
505KB
-
MD5
05bf406665b0dd8d707bcd22dc7eb848
-
SHA1
4d38d07c41bc41e39af98931575c783b58d3b9e8
-
SHA256
56fbebdb22c7244e81aefb20b4a95c1e7fa95791c3d22ffa92676bf1e668952b
-
SHA512
41d07c6600ad81e3e6a7c7bd1e5ffbb5105015fce9635a7e0bc279a16a3fbdadb81bd685fe220413f11abe30da02999bcfa5c8ded704df7e5c7f9311c2aebc9f
Score
7/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 8 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
Processes
-
C:\Users\Admin\AppData\Local\Temp\A2VqQ8z8Ip8FrFi.exe"C:\Users\Admin\AppData\Local\Temp\A2VqQ8z8Ip8FrFi.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"{path}"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2472-0-0x0000000000400000-0x000000000044C000-memory.dmpFilesize
304KB
-
memory/2472-1-0x0000000000446B4E-mapping.dmp