Analysis
-
max time kernel
117s -
max time network
136s -
platform
windows7_x64 -
resource
win7 -
submitted
08-07-2020 06:39
General
-
Target
RFP_NDT_ServicesandEquipments_Proposal_Project_dwg.exe
-
Size
797KB
-
MD5
d9a372fd1f0401897210599c330124b6
-
SHA1
570eff9c5b310ef0a577804be2ab2dcf470a139f
-
SHA256
ff4bcfd3663088b0e8fed48b19bf950f8a6680fea9d3b0a478ac1fbfbcefeeef
-
SHA512
6df19c26284e5aa2951692ecdeb59ce7cb4861b181c468857be58c51344a2807450337ca1c8e3539422d44cb8939f169b7bf1b957aff0e7e7bf7995876a4a928
Score
5/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RFP_NDT_ServicesandEquipments_Proposal_Project_dwg.exe"C:\Users\Admin\AppData\Local\Temp\RFP_NDT_ServicesandEquipments_Proposal_Project_dwg.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\RFP_NDT_ServicesandEquipments_Proposal_Project_dwg.exe"{path}"2⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
1.3MB
-
Filesize
1.3MB