Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    09-07-2020 13:42

General

  • Target

    0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe

  • Size

    6KB

  • MD5

    d948bc4955591a093ecd279363627b43

  • SHA1

    c7e27613190a030bd6065d1484653cac2ec6ca6a

  • SHA256

    0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7

  • SHA512

    13f1abd51f8e8ae951dd16251c093191da1af04bc9b6fa9a02ab79f28eb61f4198d17d4dd89740ec2aecea2f3b51c28322a55becfd914935a8c4afacddd2bb1d

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe
    "C:\Users\Admin\AppData\Local\Temp\0f47871b1d23f9ede416559aca6a2f75588dd87ba1ac0c20404cbe633d908fb7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 836
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3052

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3052-0-0x0000000000000000-mapping.dmp
  • memory/3052-1-0x0000000002900000-0x0000000002901000-memory.dmp
    Filesize

    4KB

  • memory/3052-6-0x0000000002EA0000-0x0000000002EA1000-memory.dmp
    Filesize

    4KB

  • memory/3052-8-0x0000000002EA0000-0x0000000002EA1000-memory.dmp
    Filesize

    4KB

  • memory/3052-9-0x0000000002EA0000-0x0000000002EA1000-memory.dmp
    Filesize

    4KB