f0023927901cedd1868dd38f17210d3c9786f6d963b426dcd895875fbc2b26fe | Triage

Analysis

max time kernel
121s
max time network
120s
platform
windows10_x64
resource
win10
submitted
09/07/2020, 06:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

25d570ff9d42df9425595dce21e00dd5.exe
Size

152KB
MD5

25d570ff9d42df9425595dce21e00dd5
SHA1

26698d3213003a4b9a8d1cdb2ca385b049616ee6
SHA256

f0023927901cedd1868dd38f17210d3c9786f6d963b426dcd895875fbc2b26fe
SHA512

2c6dd9d261fc1d9b717ead0bf2b9d8995aa977ab4fd67ed0dc7e7026306e2738fca9f283e8e0b37ececb2ec7187512c847da920a33720b9eb429d97c1a64dc18

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 3856	3588	25d570ff9d42df9425595dce21e00dd5.exe	68
PID 3588 wrote to memory of 3856	3588	25d570ff9d42df9425595dce21e00dd5.exe	68
PID 3588 wrote to memory of 3856	3588	25d570ff9d42df9425595dce21e00dd5.exe	68

Executes dropped EXE 1 IoCs

pid	Process
3856	bdif.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	25d570ff9d42df9425595dce21e00dd5.exe

C:\Users\Admin\AppData\Local\Temp\25d570ff9d42df9425595dce21e00dd5.exe
"C:\Users\Admin\AppData\Local\Temp\25d570ff9d42df9425595dce21e00dd5.exe"
1⤵
- Suspicious use of WriteProcessMemory
- NTFS ADS
PID:3588
- \??\c:\programdata\e6533cd889\bdif.exe
  c:\programdata\e6533cd889\bdif.exe
  2⤵
  - Executes dropped EXE
  PID:3856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3588-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

Filesize
64KB

Download
memory/3588-1-0x00000000008A0000-0x00000000008C5000-memory.dmp

Filesize
148KB

Download
memory/3856-6-0x00000000005B0000-0x00000000005D5000-memory.dmp

Filesize
148KB

Download