65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e | Triage

Analysis

max time kernel
147s
max time network
118s
platform
windows10_x64
resource
win10v200430
submitted
09-07-2020 07:05

Sharing

Report Analysis Logs

General

Target

65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe
Size

152KB
MD5

f204d0d0d3581410ab737e7df7127707
SHA1

9f4bd70cd0705bd2101df3da185ca20c8cc889de
SHA256

65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e
SHA512

97788803ca26b63cc442bf99d5d44c3550eb30eb368c88b657760e2e3c56c3e8e65df38cad4c7ecc17b9a15734832b1be6daf6c54ce85fe07a0e1cf7f33f5554

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 504	3692	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe	67
PID 3692 wrote to memory of 504	3692	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe	67
PID 3692 wrote to memory of 504	3692	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe	67

Executes dropped EXE 1 IoCs

pid	Process
504	bdif.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe

C:\Users\Admin\AppData\Local\Temp\65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe
"C:\Users\Admin\AppData\Local\Temp\65c4054e6fbe8b99c6c340047f42728c1b9713b3c7ebfebe8949966de010ae2e.exe"
1⤵
- Suspicious use of WriteProcessMemory
- NTFS ADS
PID:3692
- \??\c:\programdata\e6533cd889\bdif.exe
  c:\programdata\e6533cd889\bdif.exe
  2⤵
  - Executes dropped EXE
  PID:504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/504-5-0x00000000001D0000-0x00000000001E0000-memory.dmp

Filesize
64KB

Download
memory/504-6-0x00000000005B0000-0x00000000005D5000-memory.dmp

Filesize
148KB

Download
memory/3692-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

Filesize
64KB

Download
memory/3692-1-0x00000000005C0000-0x00000000005E5000-memory.dmp

Filesize
148KB

Download