Analysis
-
max time kernel
82s -
max time network
82s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
17-11-2020 11:58
Static task
static1
Behavioral task
behavioral1
Sample
8fa0d7a53d973ca3d5ee0d93355bd99e.exe
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
8fa0d7a53d973ca3d5ee0d93355bd99e.exe
Resource
win10v20201028
0 signatures
0 seconds
General
-
Target
8fa0d7a53d973ca3d5ee0d93355bd99e.exe
-
Size
78KB
-
MD5
8fa0d7a53d973ca3d5ee0d93355bd99e
-
SHA1
f6d3cd288ed7f0d1384d161bdb24b4bc909e7f34
-
SHA256
565fe57cae6b107bd5ed05670343c2a2f8881d2a702592368df73a53ed7ce8e1
-
SHA512
064018ce9a8ef68fa46833416df1552f0cdf65a7baf47914b96c9b11e85e349c9bab7cdf88eca3406d7fd14749a79409810de0f44795e5fe954d2f22f96c97a2
Score
6/10
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
8fa0d7a53d973ca3d5ee0d93355bd99e.exe
description | pid | process | target process
PID 1056 wrote to memory of 1972 | 1056 | 8fa0d7a53d973ca3d5ee0d93355bd99e.exe | dw20.exe
PID 1056 wrote to memory of 1972 | 1056 | 8fa0d7a53d973ca3d5ee0d93355bd99e.exe | dw20.exe
PID 1056 wrote to memory of 1972 | 1056 | 8fa0d7a53d973ca3d5ee0d93355bd99e.exe | dw20.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/1056-0-0x000007FEF60D0000-0x000007FEF6A6D000-memory.dmp
Filesize
9.6MB
-
memory/1056-1-0x000007FEF60D0000-0x000007FEF6A6D000-memory.dmp
Filesize
9.6MB
-
memory/1972-2-0x0000000000000000-mapping.dmp
-
memory/1972-3-0x0000000001EC0000-0x0000000001ED1000-memory.dmp
Filesize
68KB