65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e | Triage

Analysis

max time kernel
146s
max time network
101s
platform
windows7_x64
resource
win7v200430
submitted
09-07-2020 07:05

Sharing

Report Analysis Logs

General

Target

65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe
Size

152KB
MD5

f204d0d0d3581410ab737e7df7127707
SHA1

9f4bd70cd0705bd2101df3da185ca20c8cc889de
SHA256

65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e
SHA512

97788803ca26b63cc442bf99d5d44c3550eb30eb368c88b657760e2e3c56c3e8e65df38cad4c7ecc17b9a15734832b1be6daf6c54ce85fe07a0e1cf7f33f5554

Score

8^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
904	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1408	904	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe	25
PID 904 wrote to memory of 1408	904	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe	25
PID 904 wrote to memory of 1408	904	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe	25
PID 904 wrote to memory of 1408	904	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe	25

Executes dropped EXE 1 IoCs

pid	Process
1408	bdif.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe

C:\Users\Admin\AppData\Local\Temp\65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe
"C:\Users\Admin\AppData\Local\Temp\65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
- NTFS ADS
PID:904
- \??\c:\programdata\e6533cd889\bdif.exe
  c:\programdata\e6533cd889\bdif.exe
  2⤵
  - Executes dropped EXE
  PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-0-0x0000000000230000-0x0000000000240000-memory.dmp

Filesize
64KB

Download
memory/904-1-0x0000000000270000-0x0000000000295000-memory.dmp

Filesize
148KB

Download
memory/1408-5-0x0000000000030000-0x0000000000040000-memory.dmp

Filesize
64KB

Download
memory/1408-6-0x00000000003D0000-0x00000000003F5000-memory.dmp

Filesize
148KB

Download