Analysis
-
max time kernel
82s -
max time network
82s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
17-11-2020 11:58
General
-
Target
8fa0d7a53d973ca3d5ee0d93355bd99e.exe
-
Size
78KB
-
MD5
8fa0d7a53d973ca3d5ee0d93355bd99e
-
SHA1
f6d3cd288ed7f0d1384d161bdb24b4bc909e7f34
-
SHA256
565fe57cae6b107bd5ed05670343c2a2f8881d2a702592368df73a53ed7ce8e1
-
SHA512
064018ce9a8ef68fa46833416df1552f0cdf65a7baf47914b96c9b11e85e349c9bab7cdf88eca3406d7fd14749a79409810de0f44795e5fe954d2f22f96c97a2
Score
6/10
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8fa0d7a53d973ca3d5ee0d93355bd99e.exe"C:\Users\Admin\AppData\Local\Temp\8fa0d7a53d973ca3d5ee0d93355bd99e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 5282⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1056-0-0x000007FEF60D0000-0x000007FEF6A6D000-memory.dmpFilesize
9.6MB
-
memory/1056-1-0x000007FEF60D0000-0x000007FEF6A6D000-memory.dmpFilesize
9.6MB
-
memory/1972-2-0x0000000000000000-mapping.dmp
-
memory/1972-3-0x0000000001EC0000-0x0000000001ED1000-memory.dmpFilesize
68KB