Analysis
- max time kernel: 15s
- max time network: 114s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 06-11-2020 22:39

Static task: static1

Behavioral task: behavioral1
- Sample: COLCPD2020_01-x64.exe
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: COLCPD2020_01-x64.exe
- Resource: win10v20201028
General
- Target: COLCPD2020_01-x64.exe
- Size: 41.1MB
- MD5: 4b398cb93d0520601bbca445339e0de5
- SHA1: 17a1889842458a80ba05d7c7e101664481e3abb6
- SHA256: 3b68229dd28c65bbbd08be52ce534f0992305c9b498c03e5f87dbd12c3c0b518
- SHA512: dff63e2838e260320c5d3a9d510dd14cff9eea845c474df1b5dd9c480d5b848ee7742d94eb4a95c5222b95a0539204b1623c8393cd25ddf6a2bd5ab0bd01cc46
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
    pid   process
    2432  COLCPD2020_01-x64.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                      pid   process                 target process
    PID 2604 wrote to memory of 2432  2604  COLCPD2020_01-x64.exe  COLCPD2020_01-x64.tmp
    PID 2604 wrote to memory of 2432  2604  COLCPD2020_01-x64.exe  COLCPD2020_01-x64.tmp
    PID 2604 wrote to memory of 2432  2604  COLCPD2020_01-x64.exe  COLCPD2020_01-x64.tmp
Processes
- C:\Users\Admin\AppData\Local\Temp\COLCPD2020_01-x64.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\COLCPD2020_01-x64.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-BIM6N.tmp\COLCPD2020_01-x64.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-BIM6N.tmp\COLCPD2020_01-x64.tmp" /SL5="$20116,42858221,65536,C:\Users\Admin\AppData\Local\Temp\COLCPD2020_01-x64.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\is-BIM6N.tmp\COLCPD2020_01-x64.tmp
  MD5: 0299335328f6304dbe547e46addc1eb2
  SHA1: a9a8a50f8b4263c5d6e7704a91950aed3e269543
  SHA256: d80bed06b7ebad072e1b9b7f57f653a2f6958c14fa89606536e8e03891081d39
  SHA512: ee4f3fd5a0754e04f8d1e0eb4e561fe3c18d5202aede75091d3877f3f197877b6b53de0024312a000951a1e80b30c14ca9a5e4137f40025a48bf60e56ff50ba8
- memory/2432-0-0x0000000000000000-mapping.dmp