9d3c04431db8d2630361ac69def49189101a5bf017627be2f147bcd66f3c8d29

General

Target

RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
Size

412KB
MD5

a362bfab962a771bffe1c9ff91c9c5ae
SHA1

68a8d9c5a57ab7c1961658183700436983c71553
SHA256

9d3c04431db8d2630361ac69def49189101a5bf017627be2f147bcd66f3c8d29
SHA512

889f97242150d03108e7d0b04346d9bd85d15adb19bba45e12be9ee53e12b47964ba1eb74978009beb4d0a9f7d28d84729548af46b8305dd6f3c162405865b0e

Score

5^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

pid	process
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

description	pid	process	target process
PID 1060 set thread context of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

pid process

1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

pid	process
1356	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

Suspicious use of WriteProcessMemory 34 IoCs

Processes:

RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exeRFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

description pid process

Token: SeDebugPrivilege 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

description	pid	process
Token: SeDebugPrivilege	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe

C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
"C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
PID:1060

C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
"{path}"
2⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
"{path}"
2⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
"{path}"
2⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
"{path}"
2⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
"{path}"
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1356

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
3⤵
PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1060-1-0x0000000000000000-0x0000000000000000-disk.dmp

Download
memory/1356-2-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/1356-3-0x0000000000405A3D-mapping.dmp

Download
memory/1356-4-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/1800-5-0x0000000000000000-mapping.dmp

Download
memory/1800-6-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1800-7-0x0000000000000000-mapping.dmp

Download

description	pid	process	target process
PID 1060 wrote to memory of 1720	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1720	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1720	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1720	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1396	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1396	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1396	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1396	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1832	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1832	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1832	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1832	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1824	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1824	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1824	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1824	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1060 wrote to memory of 1356	1060	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
PID 1356 wrote to memory of 1800	1356	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	cmd.exe
PID 1356 wrote to memory of 1800	1356	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	cmd.exe
PID 1356 wrote to memory of 1800	1356	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	cmd.exe
PID 1356 wrote to memory of 1800	1356	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	cmd.exe
PID 1356 wrote to memory of 1800	1356	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	cmd.exe
PID 1356 wrote to memory of 1800	1356	RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe	cmd.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads