b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277 | Triage

Resubmissions

02/12/2020, 13:57

201202-jdp64q14ds 7

02/12/2020, 13:45

201202-1y5asrdnke 7

01/12/2020, 09:29

201201-zsltvgg6kj 7

01/12/2020, 09:16

201201-4t8lf6xbr6 10

Analysis

max time kernel
52s
max time network
120s
platform
windows10_x64
resource
win10v20201028
submitted
01/12/2020, 09:29

Sharing

Report Analysis Logs

General

Target

sprintopen.exe
Size

80KB
MD5

e91d1087dc9767e75f14b335c8d88233
SHA1

ddafa725ecd7b2a59bef559904a45d379f593bc7
SHA256

b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277
SHA512

e7e38ada160ac79ba3204700a7c92cb3fb48cde6936545007bdca8d0b60692a7b8c6baa1fea3c0127293733046712d479efb3d8793541f71a786cef018780b5d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
508	sprintopen.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 508 set thread context of 1712	508	sprintopen.exe	77

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
508	sprintopen.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 508 wrote to memory of 1712	508	sprintopen.exe	77
PID 508 wrote to memory of 1712	508	sprintopen.exe	77
PID 508 wrote to memory of 1712	508	sprintopen.exe	77
PID 508 wrote to memory of 1712	508	sprintopen.exe	77

C:\Users\Admin\AppData\Local\Temp\sprintopen.exe
"C:\Users\Admin\AppData\Local\Temp\sprintopen.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:508
- C:\Users\Admin\AppData\Local\Temp\sprintopen.exe
  "C:\Users\Admin\AppData\Local\Temp\sprintopen.exe"
  2⤵
  PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1712-3-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download
memory/1712-5-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download