Analysis

  • max time kernel
    83s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    09-07-2020 10:15

General

  • Target

    90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe

  • Size

    152KB

  • MD5

    64bc9c80d2330e375b557873980d4852

  • SHA1

    2129d00bc6d50e2eb634a56dcb119c08eecea470

  • SHA256

    90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc

  • SHA512

    6374b228f8caefff76346de88c64549b33fbb094d711ec0abf681fcd6d89a95e9303adf949156d9f49d0df9bf29acdebe88649f11286f37a6b2db685eb51b621

Score
8/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Executes dropped EXE 1 IoCs
  • NTFS ADS 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe
    "C:\Users\Admin\AppData\Local\Temp\90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • NTFS ADS
    PID:3104
    • \??\c:\programdata\e6533cd889\bdif.exe
      c:\programdata\e6533cd889\bdif.exe
      2⤵
      • Executes dropped EXE
      PID:3884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\83bb50ad72ec066ba3b2332b06c6d86c

  • C:\ProgramData\e6533cd889\bdif.exe

  • \??\c:\programdata\e6533cd889\bdif.exe

  • memory/3104-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

    Filesize

    64KB

  • memory/3104-1-0x0000000000430000-0x0000000000455000-memory.dmp

    Filesize

    148KB

  • memory/3884-2-0x0000000000000000-mapping.dmp

  • memory/3884-6-0x00000000004C0000-0x00000000004E5000-memory.dmp

    Filesize

    148KB