8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f | Triage

Analysis

max time kernel
128s
max time network
152s
platform
windows10_x64
resource
win10v200430
submitted
09/07/2020, 07:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f.exe
Size

152KB
MD5

54ce74d7da4e96422bbe999c75f4e8f4
SHA1

64ef5b1d805794ab861cd6126d70021a8712b279
SHA256

8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f
SHA512

c3b9e610d56537e969a772406955dd4bf2ef1c8ec7ac0a771c7f6ffcf6f0be0a99025a5f2109689c56f3c9a55c0cbfecf45f15b3e91e0570a9e24eb8956aaa2e

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 1816	1484	8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f.exe	69
PID 1484 wrote to memory of 1816	1484	8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f.exe	69
PID 1484 wrote to memory of 1816	1484	8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f.exe	69

Executes dropped EXE 1 IoCs

pid	Process
1816	bdif.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f.exe

C:\Users\Admin\AppData\Local\Temp\8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f.exe
"C:\Users\Admin\AppData\Local\Temp\8d3e06384cbad1d3a2d2a1ff747527f67141fbddb9ba9a223d9e69f31afd1d5f.exe"
1⤵
- Suspicious use of WriteProcessMemory
- NTFS ADS
PID:1484
- \??\c:\programdata\e6533cd889\bdif.exe
  c:\programdata\e6533cd889\bdif.exe
  2⤵
  - Executes dropped EXE
  PID:1816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1484-0-0x00000000001D0000-0x00000000001E0000-memory.dmp

Filesize
64KB

Download
memory/1484-1-0x00000000009F0000-0x0000000000A15000-memory.dmp

Filesize
148KB

Download
memory/1816-6-0x0000000000580000-0x00000000005A5000-memory.dmp

Filesize
148KB

Download