0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7 | Triage

Analysis

max time kernel
130s
max time network
136s
platform
windows7_x64
resource
win7
submitted
09-07-2020 13:42

Sharing

Report Analysis Logs

General

Target

0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe
Size

6KB
MD5

d948bc4955591a093ecd279363627b43
SHA1

c7e27613190a030bd6065d1484653cac2ec6ca6a
SHA256

0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7
SHA512

13f1abd51f8e8ae951dd16251c093191da1af04bc9b6fa9a02ab79f28eb61f4198d17d4dd89740ec2aecea2f3b51c28322a55becfd914935a8c4afacddd2bb1d

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1044	dw20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 1044	1152	0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe	25
PID 1152 wrote to memory of 1044	1152	0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe	25
PID 1152 wrote to memory of 1044	1152	0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe	25

C:\Users\Admin\AppData\Local\Temp\0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe
"C:\Users\Admin\AppData\Local\Temp\0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 540
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-1-0x0000000001FA0000-0x0000000001FB1000-memory.dmp

Filesize
68KB

Download