dbeb99d2b3f5ab13560c96f80ee6153f909f64aac45d4ad56e2468320430acd3 | Triage

Analysis

max time kernel
144s
max time network
38s
platform
windows7_x64
resource
win7v200430
submitted
11-07-2020 10:21

Sharing

Report Analysis Logs

General

Target

iLJAb.exe
Size

689KB
MD5

16e4884e9a65175caf71b6386ec23739
SHA1

19e6cf4c136b24feff77358255613f15fff6c7d8
SHA256

dbeb99d2b3f5ab13560c96f80ee6153f909f64aac45d4ad56e2468320430acd3
SHA512

cecd09c5749b7af8cf5b7836d66443529e28e1c1d46a153daf0b13338f305e4721f77533ce2b73c936c6bdf315abf78fe16abaf921069fed052b3684abfbfbca

Score

5^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

iLJAb.exe

description	pid	process	target process
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe
PID 676 wrote to memory of 1716	676	iLJAb.exe	iLJAb.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

iLJAb.exe

description pid process target process

PID 676 set thread context of 1716 676 iLJAb.exe iLJAb.exe

C:\Users\Admin\AppData\Local\Temp\iLJAb.exe
"C:\Users\Admin\AppData\Local\Temp\iLJAb.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:676

C:\Users\Admin\AppData\Local\Temp\iLJAb.exe
"{path}"
2⤵
PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/676-1-0x0000000000000000-0x0000000000000000-disk.dmp

Download
memory/1716-2-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1716-3-0x0000000000410FEE-mapping.dmp

Download
memory/1716-4-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1716-5-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download