Analysis

  • max time kernel
    82s
  • max time network
    82s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    17-11-2020 11:58

General

  • Target

    8fa0d7a53d973ca3d5ee0d93355bd99e.exe

  • Size

    78KB

  • MD5

    8fa0d7a53d973ca3d5ee0d93355bd99e

  • SHA1

    f6d3cd288ed7f0d1384d161bdb24b4bc909e7f34

  • SHA256

    565fe57cae6b107bd5ed05670343c2a2f8881d2a702592368df73a53ed7ce8e1

  • SHA512

    064018ce9a8ef68fa46833416df1552f0cdf65a7baf47914b96c9b11e85e349c9bab7cdf88eca3406d7fd14749a79409810de0f44795e5fe954d2f22f96c97a2

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fa0d7a53d973ca3d5ee0d93355bd99e.exe
    "C:\Users\Admin\AppData\Local\Temp\8fa0d7a53d973ca3d5ee0d93355bd99e.exe"
    PID:1056
    • Suspicious use of WriteProcessMemory
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 528
      PID:1972

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: Query Registry, T1012 (1)

Downloads

  • memory/1056-0-0x000007FEF60D0000-0x000007FEF6A6D000-memory.dmp
    Filesize: 9.6MB
  • memory/1056-1-0x000007FEF60D0000-0x000007FEF6A6D000-memory.dmp
    Filesize: 9.6MB
  • memory/1972-2-0x0000000000000000-mapping.dmp
  • memory/1972-3-0x0000000001EC0000-0x0000000001ED1000-memory.dmp
    Filesize: 68KB