Overview

overview

8

Static

static

486bdfa30d...f8.exe

windows7_x64

8

486bdfa30d...f8.exe

windows10_x64

8

Analysis

  • max time kernel
    134s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    09/07/2020, 10:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    486bdfa30d86eafc9fa6516ad67f6e7df39aa5fcbbe48f245e382ed38cc9adf8.exe

  • Size

    152KB

  • MD5

    9e0d55ea6fbd06df70af866d0fe5bb79

  • SHA1

    38023f98c48e7c30dcf1b538ada8888343d1ecad

  • SHA256

    486bdfa30d86eafc9fa6516ad67f6e7df39aa5fcbbe48f245e382ed38cc9adf8

  • SHA512

    187e39b3a17883dcfcd621a33236c8fa8d19f1dbc03ef19cd91870e822c40798b76b640fa560b850b09432bc3ad2877a51a221d4750d075fa4fe3e64ad39b57e

Score
8/10

Malware Config

Signatures

  • NTFS ADS 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Executes dropped EXE 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\486bdfa30d86eafc9fa6516ad67f6e7df39aa5fcbbe48f245e382ed38cc9adf8.exe
    "C:\Users\Admin\AppData\Local\Temp\486bdfa30d86eafc9fa6516ad67f6e7df39aa5fcbbe48f245e382ed38cc9adf8.exe"
    1⤵
    • NTFS ADS
    • Suspicious use of WriteProcessMemory
    PID:640
    • \??\c:\programdata\e6533cd889\bdif.exe
      c:\programdata\e6533cd889\bdif.exe
      2⤵
      • Executes dropped EXE
      PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/640-0-0x00000000001D0000-0x00000000001E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/640-1-0x0000000000540000-0x0000000000565000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1904-6-0x00000000007C0000-0x00000000007E5000-memory.dmp

    Filesize

    148KB

    Download