f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040 | Triage

Analysis

max time kernel
144s
max time network
127s
platform
windows10_x64
resource
win10v200430
submitted
19-07-2020 02:09

Sharing

Report Analysis Logs

General

Target

f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe
Size

100KB
MD5

197d7cc96e2808da3e48f592ac8f5462
SHA1

ca09b43a2ba767e9e429729ac1dd2c6889c07fa3
SHA256

f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040
SHA512

b418c32714b38aa0bac9772b9501dce15fb3f155b95a717a3041d16f2700ee9084150e8ade0495ddaf8471188e947b8d35fb0d85efd1ad96fa37ace81eb6933e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3824	f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe
3824	f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe
3824	f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe
3824	f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3824	f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe
3824	f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe

C:\Users\Admin\AppData\Local\Temp\f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe
"C:\Users\Admin\AppData\Local\Temp\f20ea3f650ff0c63d349af4f42b52c4ab5a97e2c31806e1a16208d840ed69040.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3824-0-0x00000000038E0000-0x00000000038EC000-memory.dmp

Filesize
48KB

Download