Analysis
-
max time kernel
97s -
max time network
94s -
platform
windows7_x64 -
resource
win7 -
submitted
12-07-2020 16:28
General
-
Target
SIM Swap Partner's Staff.docx.exe
-
Size
649KB
-
MD5
421fea142d75f349e7ab849bcbb7eb51
-
SHA1
ffca7676c442ad30521abacae9f177b924e533d9
-
SHA256
f0d83e1cb17751183ffa5fd073d26287a8b6e003aeaccf75523824acc117beab
-
SHA512
199b9165f36748bdc2ef188384dfa696c20f50f89266186361419049652a518d7d29ab49763e98a0bbd76ad0ffafd93da4d2eda2a573cb1f958c3f71420a5799
Score
10/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
NetWire RAT payload 2 IoCs
-
Adds Run entry to start application 2 TTPs 1 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SIM Swap Partner's Staff.docx.exe"C:\Users\Admin\AppData\Local\Temp\SIM Swap Partner's Staff.docx.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Adds Run entry to start application
-
C:\Program Files (x86)\internet explorer\ieinstal.exe"C:\Program Files (x86)\internet explorer\ieinstal.exe"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1048-0-0x0000000000400000-0x000000000042B000-memory.dmpFilesize
172KB
-
memory/1048-1-0x00000000004026D0-mapping.dmp
-
memory/1048-2-0x0000000000400000-0x000000000042B000-memory.dmpFilesize
172KB