c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a | Triage

Analysis

max time kernel
135s
max time network
124s
platform
windows10_x64
resource
win10v200430
submitted
09/07/2020, 10:15

Sharing

Report Analysis Logs

General

Target

c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe
Size

152KB
MD5

2cf4391c2b6f03bbe182ad06dfb61e67
SHA1

ed68d5051dc7bc1b26d28f664a494a13f41650f0
SHA256

c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a
SHA512

9c29d79f8ba12ab85cef3f0003fb96be888de58fae1be487fec4000e7e5e531ba570bc283c724d2929375ead9906e6873815a8af6be1e3a0776f46ba6921c8f3

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 2008	992	c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe	70
PID 992 wrote to memory of 2008	992	c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe	70
PID 992 wrote to memory of 2008	992	c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe	70

Executes dropped EXE 1 IoCs

pid	Process
2008	bdif.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe

C:\Users\Admin\AppData\Local\Temp\c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe
"C:\Users\Admin\AppData\Local\Temp\c2fee2b62f6f1f590770ee79393edda6c147e3e31fa1425684ad18226850989a.exe"
1⤵
- Suspicious use of WriteProcessMemory
- NTFS ADS
PID:992
- \??\c:\programdata\e6533cd889\bdif.exe
  c:\programdata\e6533cd889\bdif.exe
  2⤵
  - Executes dropped EXE
  PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/992-0-0x00000000001D0000-0x00000000001E0000-memory.dmp

Filesize
64KB

Download
memory/992-1-0x0000000000530000-0x0000000000555000-memory.dmp

Filesize
148KB

Download
memory/2008-6-0x0000000000580000-0x00000000005A5000-memory.dmp

Filesize
148KB

Download