Analysis
-
max time kernel
131s -
max time network
138s -
platform
windows7_x64 -
resource
win7 -
submitted
09-07-2020 08:10
Static task
static1
Behavioral task
behavioral1
Sample
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
-
Size
412KB
-
MD5
a362bfab962a771bffe1c9ff91c9c5ae
-
SHA1
68a8d9c5a57ab7c1961658183700436983c71553
-
SHA256
9d3c04431db8d2630361ac69def49189101a5bf017627be2f147bcd66f3c8d29
-
SHA512
889f97242150d03108e7d0b04346d9bd85d15adb19bba45e12be9ee53e12b47964ba1eb74978009beb4d0a9f7d28d84729548af46b8305dd6f3c162405865b0e
Score
5/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
Processes:
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exepid process 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe -
Suspicious use of SetThreadContext 1 IoCs
Processes:
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exedescription pid process target process PID 1060 set thread context of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exepid process 1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe -
Suspicious use of WriteProcessMemory 34 IoCs
Processes:
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exeRFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exedescription pid process target process PID 1060 wrote to memory of 1720 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1720 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1720 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1720 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1396 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1396 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1396 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1396 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1832 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1832 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1832 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1832 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1824 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1824 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1824 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1824 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1060 wrote to memory of 1356 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe PID 1356 wrote to memory of 1800 1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe cmd.exe PID 1356 wrote to memory of 1800 1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe cmd.exe PID 1356 wrote to memory of 1800 1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe cmd.exe PID 1356 wrote to memory of 1800 1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe cmd.exe PID 1356 wrote to memory of 1800 1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe cmd.exe PID 1356 wrote to memory of 1800 1356 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe cmd.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exedescription pid process Token: SeDebugPrivilege 1060 RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\RFP01_NDT_Services_Equipment_Proposal_Project2020_dwg.exe"{path}"2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1060-1-0x0000000000000000-0x0000000000000000-disk.dmp
-
memory/1356-2-0x0000000000400000-0x0000000000554000-memory.dmpFilesize
1.3MB
-
memory/1356-3-0x0000000000405A3D-mapping.dmp
-
memory/1356-4-0x0000000000400000-0x0000000000554000-memory.dmpFilesize
1.3MB
-
memory/1800-5-0x0000000000000000-mapping.dmp
-
memory/1800-6-0x0000000000130000-0x0000000000131000-memory.dmpFilesize
4KB
-
memory/1800-7-0x0000000000000000-mapping.dmp