aa509d1b61485ca731f996f34538a4ee467cff6ccbfb215f261b4ebe5d655ce8 | Triage

Analysis

max time kernel
138s
max time network
138s
platform
windows10_x64
resource
win10v200430
submitted
10-07-2020 09:25

Sharing

Report Analysis Logs

General

Target

E745DH.alibaba.com.exe
Size

1.2MB
MD5

430aecffce91b67ab23911a1b3401114
SHA1

0e57ec9f69ef1bdf91cade7670ee7d0f9049d414
SHA256

aa509d1b61485ca731f996f34538a4ee467cff6ccbfb215f261b4ebe5d655ce8
SHA512

6e388602dbd56859432a3f3bd4d940608a1c4c8d46f1b616d9d5324db73cb04db30b26a8c7f9781faa3898a3f85d601cb4056d3029bd51c5bb6a482c04fa8c5b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

E745DH.alibaba.com.exe

description	pid	process	target process
PID 3656 wrote to memory of 1884	3656	E745DH.alibaba.com.exe	cmd.exe
PID 3656 wrote to memory of 1884	3656	E745DH.alibaba.com.exe	cmd.exe
PID 3656 wrote to memory of 1884	3656	E745DH.alibaba.com.exe	cmd.exe
PID 3656 wrote to memory of 1884	3656	E745DH.alibaba.com.exe	cmd.exe
PID 3656 wrote to memory of 1884	3656	E745DH.alibaba.com.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\E745DH.alibaba.com.exe
"C:\Users\Admin\AppData\Local\Temp\E745DH.alibaba.com.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3656

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
2⤵
PID:1884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-1-0x0000000000000000-mapping.dmp

Download
memory/1884-2-0x0000000000000000-mapping.dmp

Download
memory/3656-0-0x0000000003050000-0x00000000031A4000-memory.dmp

Filesize
1.3MB

Download