Analysis
max time kernel: 131s
max time network: 136s
platform: windows7_x64
resource: win7
submitted: 09-07-2020 06:38
Static task: static1
Behavioral task: behavioral1
  Sample: 25d570ff9d42df9425595dce21e00dd5.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 25d570ff9d42df9425595dce21e00dd5.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: 25d570ff9d42df9425595dce21e00dd5.exe
Size: 152KB
MD5: 25d570ff9d42df9425595dce21e00dd5
SHA1: 26698d3213003a4b9a8d1cdb2ca385b049616ee6
SHA256: f0023927901cedd1868dd38f17210d3c9786f6d963b426dcd895875fbc2b26fe
SHA512: 2c6dd9d261fc1d9b717ead0bf2b9d8995aa977ab4fd67ed0dc7e7026306e2738fca9f283e8e0b37ececb2ec7187512c847da920a33720b9eb429d97c1a64dc18
Score: 8/10
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes (pid / process):
  1060  25d570ff9d42df9425595dce21e00dd5.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description / source pid / source process / target process):
  PID 1060 wrote to memory of 836  1060  25d570ff9d42df9425595dce21e00dd5.exe  bdif.exe
  PID 1060 wrote to memory of 836  1060  25d570ff9d42df9425595dce21e00dd5.exe  bdif.exe
  PID 1060 wrote to memory of 836  1060  25d570ff9d42df9425595dce21e00dd5.exe  bdif.exe
  PID 1060 wrote to memory of 836  1060  25d570ff9d42df9425595dce21e00dd5.exe  bdif.exe
- Executes dropped EXE (1 IoC)
  Processes (pid / process):
  836  bdif.exe
- NTFS ADS (1 IoC)
  Processes (description / ioc / process):
  File created  \??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier  25d570ff9d42df9425595dce21e00dd5.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\25d570ff9d42df9425595dce21e00dd5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\25d570ff9d42df9425595dce21e00dd5.exe"
  PID: 1060
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - NTFS ADS
  - \??\c:\programdata\e6533cd889\bdif.exe (child of PID 1060)
    Command line: c:\programdata\e6533cd889\bdif.exe
    PID: 836
    - Executes dropped EXE
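The signature rows above are flattened table cells, which makes the report awkward to correlate with host telemetry. The Python below is an added triage helper, not part of the report or of the sandbox's own tooling: it parses the WriteProcessMemory, NTFS ADS and "Executes dropped EXE" rows as rendered on this page, rebuilds the parent/child relation, strips the `\??\` object-manager prefix so the dropped path can be matched against Win32-style paths in Sysmon file-create events, and only treats the memory write as an injection candidate when its target is an image the sample itself dropped and then executed (a parent writing into its freshly created child is otherwise routine, so the bare signature is low-fidelity). The input strings are the report's own rows; the function names and the dropped-and-executed heuristic are this example's assumptions. Note also that the report attributes creation of the `Zone.Identifier` stream to the sample process, so that mark-of-the-web must not be read as browser or download provenance.

```python
"""Parse flattened sandbox signature rows into a process tree and IoC list (added example)."""
import re
from collections import Counter, defaultdict

# Constructed input: the report's rows, copied as they appear on the page.
WPM_TEXT = (
    "PID 1060 wrote to memory of 836 1060 25d570ff9d42df9425595dce21e00dd5.exe bdif.exe "
    "PID 1060 wrote to memory of 836 1060 25d570ff9d42df9425595dce21e00dd5.exe bdif.exe "
    "PID 1060 wrote to memory of 836 1060 25d570ff9d42df9425595dce21e00dd5.exe bdif.exe "
    "PID 1060 wrote to memory of 836 1060 25d570ff9d42df9425595dce21e00dd5.exe bdif.exe"
)
ADS_TEXT = (
    "File created \\??\\c:\\programdata\\e6533cd889\\bdif.exe:Zone.Identifier "
    "25d570ff9d42df9425595dce21e00dd5.exe"
)
EXEC_TEXT = "836 bdif.exe"  # "Executes dropped EXE" row: pid, image name

# Row layout as rendered: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
EXEC_RE = re.compile(r"(\d+) (\S+)")


def normalize_nt_path(path):
    """Drop the NT prefixes (\\??\\ and \\\\?\\) so the path matches Win32-style
    paths in Sysmon EID 11 / EDR file-create events; lower-case for comparison."""
    for prefix in ("\\??\\", "\\\\?\\"):
        if path.startswith(prefix):
            path = path[len(prefix):]
    return path.lower()


def parse_wpm(text):
    """Collapse the repeated rows into one edge per (src pid, dst pid, images) with a call count."""
    edges = Counter()
    for src, dst, _src_again, src_img, dst_img in WPM_RE.findall(text):
        edges[(int(src), int(dst), src_img, dst_img)] += 1
    return edges


def parse_ads(text):
    """Split 'File created <path>:<stream> <process>' rows; the path itself contains a colon."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("File created "):
            continue
        target, proc = line[len("File created "):].rsplit(" ", 1)
        path, stream = target.rsplit(":", 1)
        out.append({"path": normalize_nt_path(path), "stream": stream, "created_by": proc})
    return out


def parse_exec(text):
    """Map pid -> image for processes the sandbox flagged as dropped-and-executed."""
    return {int(pid): img for pid, img in EXEC_RE.findall(text)}


def summarize(wpm_text=WPM_TEXT, ads_text=ADS_TEXT, exec_text=EXEC_TEXT):
    """Return the process tree, dropped files and injection candidates for one report."""
    edges = parse_wpm(wpm_text)
    dropped = parse_ads(ads_text)
    executed = parse_exec(exec_text)
    # Heuristic (this example's own): a write is an injection candidate only when the
    # target pid runs an image the sample dropped (seen in the ADS rows) and executed.
    dropped_images = {d["path"].rsplit("\\", 1)[-1] for d in dropped}
    tree = defaultdict(list)
    candidates = []
    for (src, dst, _src_img, dst_img), calls in sorted(edges.items()):
        tree[src].append(dst)
        if dst in executed and dst_img.lower() in dropped_images:
            candidates.append({"src_pid": src, "dst_pid": dst, "target": dst_img, "calls": calls})
    return {
        "process_tree": dict(tree),
        "dropped_files": dropped,
        "injection_candidates": candidates,
        # Zone.Identifier written by the sample itself, not by a browser: provenance is the dropper.
        "zone_identifier_written_by_sample": [d for d in dropped if d["stream"] == "Zone.Identifier"],
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

For a fleet-wide hunt, feed `dropped_files[*].path` (already lower-cased and without the `\??\` prefix) into a Sysmon EID 11 or EDR file-create search, and query process-create events for `bdif.exe` launched from `c:\programdata\<random>\`.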