ec1f06186ab126a41b8232b700b6a635b8575bf86cebe9d219020cd4ddf66cfd | Triage

Analysis

max time kernel
82s
max time network
137s
platform
windows10_x64
resource
win10
submitted
10/07/2020, 05:27

Sharing

Report Analysis Logs

General

Target

e14302358a704748b2d8263e82f06b86.exe
Size

152KB
MD5

e14302358a704748b2d8263e82f06b86
SHA1

872e85438a1ec7adc65edfa46920e990c560fc73
SHA256

ec1f06186ab126a41b8232b700b6a635b8575bf86cebe9d219020cd4ddf66cfd
SHA512

d0a83e8ed884cd7ba23b5dde9881fb20ad24c529e552b8df7fda3130af4d8222e1f6246d463e5683e3391fe5887f9b292b09ac78b5ce8b0d5b07a4a02b44bfdd

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3676 wrote to memory of 3468	3676	e14302358a704748b2d8263e82f06b86.exe	68
PID 3676 wrote to memory of 3468	3676	e14302358a704748b2d8263e82f06b86.exe	68
PID 3676 wrote to memory of 3468	3676	e14302358a704748b2d8263e82f06b86.exe	68

Executes dropped EXE 1 IoCs

pid	Process
3468	bdif.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	\??\c:\programdata\e6533cd889\bdif.exe:Zone.Identifier	e14302358a704748b2d8263e82f06b86.exe

C:\Users\Admin\AppData\Local\Temp\e14302358a704748b2d8263e82f06b86.exe
"C:\Users\Admin\AppData\Local\Temp\e14302358a704748b2d8263e82f06b86.exe"
1⤵
- Suspicious use of WriteProcessMemory
- NTFS ADS
PID:3676
- \??\c:\programdata\e6533cd889\bdif.exe
  c:\programdata\e6533cd889\bdif.exe
  2⤵
  - Executes dropped EXE
  PID:3468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3468-6-0x00000000008D0000-0x00000000008F5000-memory.dmp

Filesize
148KB

Download
memory/3676-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

Filesize
64KB

Download
memory/3676-1-0x00000000005B0000-0x00000000005D5000-memory.dmp

Filesize
148KB

Download