ec1f06186ab126a41b8232b700b6a635b8575bf86cebe9d219020cd4ddf66cfd | Triage

Analysis

max time kernel
128s
max time network
100s
platform
windows7_x64
resource
win7v200430
submitted
10/07/2020, 05:27

Sharing

Report Analysis Logs

General

Target

e14302358a704748b2d8263e82f06b86.exe
Size

152KB
MD5

e14302358a704748b2d8263e82f06b86
SHA1

872e85438a1ec7adc65edfa46920e990c560fc73
SHA256

ec1f06186ab126a41b8232b700b6a635b8575bf86cebe9d219020cd4ddf66cfd
SHA512

d0a83e8ed884cd7ba23b5dde9881fb20ad24c529e552b8df7fda3130af4d8222e1f6246d463e5683e3391fe5887f9b292b09ac78b5ce8b0d5b07a4a02b44bfdd

Score

8^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
376	e14302358a704748b2d8263e82f06b86.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 1080	376	e14302358a704748b2d8263e82f06b86.exe	25
PID 376 wrote to memory of 1080	376	e14302358a704748b2d8263e82f06b86.exe	25
PID 376 wrote to memory of 1080	376	e14302358a704748b2d8263e82f06b86.exe	25
PID 376 wrote to memory of 1080	376	e14302358a704748b2d8263e82f06b86.exe	25

Executes dropped EXE 1 IoCs

pid	Process
1080	bdif.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	e14302358a704748b2d8263e82f06b86.exe

C:\Users\Admin\AppData\Local\Temp\e14302358a704748b2d8263e82f06b86.exe
"C:\Users\Admin\AppData\Local\Temp\e14302358a704748b2d8263e82f06b86.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
- NTFS ADS
PID:376
- \??\c:\programdata\e6533cd889\bdif.exe
  c:\programdata\e6533cd889\bdif.exe
  2⤵
  - Executes dropped EXE
  PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/376-0-0x0000000000230000-0x0000000000240000-memory.dmp

Filesize
64KB

Download
memory/376-1-0x00000000002C0000-0x00000000002E5000-memory.dmp

Filesize
148KB

Download
memory/1080-6-0x00000000002C0000-0x00000000002E5000-memory.dmp

Filesize
148KB

Download