Analysis
-
max time kernel
130s -
max time network
136s -
platform
windows7_x64 -
resource
win7 -
submitted
09-07-2020 13:42
Static task
static1
Behavioral task
behavioral1
Sample
0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe
-
Size
6KB
-
MD5
d948bc4955591a093ecd279363627b43
-
SHA1
c7e27613190a030bd6065d1484653cac2ec6ca6a
-
SHA256
0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7
-
SHA512
13f1abd51f8e8ae951dd16251c093191da1af04bc9b6fa9a02ab79f28eb61f4198d17d4dd89740ec2aecea2f3b51c28322a55becfd914935a8c4afacddd2bb1d
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
dw20.exepid process 1044 dw20.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exedescription pid process target process PID 1152 wrote to memory of 1044 1152 0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe dw20.exe PID 1152 wrote to memory of 1044 1152 0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe dw20.exe PID 1152 wrote to memory of 1044 1152 0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe dw20.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe"C:\Users\Admin\AppData\Local\Temp\0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1152 -
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 5402⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1044