Analysis
- max time kernel: 83s
- max time network: 125s
- platform: windows10_x64
- resource: win10
- submitted: 09-07-2020 10:15

Static task: static1

Behavioral task: behavioral1
- Sample: 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe
- Resource: win10 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe
- Size: 152KB
- MD5: 64bc9c80d2330e375b557873980d4852
- SHA1: 2129d00bc6d50e2eb634a56dcb119c08eecea470
- SHA256: 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc
- SHA512: 6374b228f8caefff76346de88c64549b33fbb094d711ec0abf681fcd6d89a95e9303adf949156d9f49d0df9bf29acdebe88649f11286f37a6b2db685eb51b621
- Score: 8/10
Malware Config

Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description             | pid  | process                                                              | target process
  wrote to memory of 3884 | 3104 | 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe | bdif.exe
  wrote to memory of 3884 | 3104 | 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe | bdif.exe
  wrote to memory of 3884 | 3104 | 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe | bdif.exe
- Executes dropped EXE (1 IoC)
  Processes:
  pid  | process
  3884 | bdif.exe
- NTFS ADS (1 IoC)
  Processes:
  description  | ioc                                                    | process
  File created | \??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier | 90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\90a35c735eb8d7ad6e5fbf118abdf1f93a65d197b52732ea2c7f4866057ddacc.exe"
  - Suspicious use of WriteProcessMemory
  - NTFS ADS
  PID: 3104
  - \??\c:\programdata\e6533cd889\bdif.exe
    Command line: c:\programdata\e6533cd889\bdif.exe
    - Executes dropped EXE
    PID: 3884