b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277

Resubmissions

02-12-2020 13:57

02-12-2020 13:45

01-12-2020 09:29

01-12-2020 09:16

Target

sprintopen.exe
Size

80KB
MD5

e91d1087dc9767e75f14b335c8d88233
SHA1

ddafa725ecd7b2a59bef559904a45d379f593bc7
SHA256

b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277
SHA512

e7e38ada160ac79ba3204700a7c92cb3fb48cde6936545007bdca8d0b60692a7b8c6baa1fea3c0127293733046712d479efb3d8793541f71a786cef018780b5d

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

sprintopen.exe

pid process

508 sprintopen.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

sprintopen.exe

description pid process target process

PID 508 set thread context of 1712 508 sprintopen.exe sprintopen.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

sprintopen.exe

pid process

508 sprintopen.exe

pid	process
508	sprintopen.exe

description	pid	process	target process
PID 508 set thread context of 1712	508	sprintopen.exe	sprintopen.exe

pid	process
508	sprintopen.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

sprintopen.exe

description	pid	process	target process
PID 508 wrote to memory of 1712	508	sprintopen.exe	sprintopen.exe
PID 508 wrote to memory of 1712	508	sprintopen.exe	sprintopen.exe
PID 508 wrote to memory of 1712	508	sprintopen.exe	sprintopen.exe
PID 508 wrote to memory of 1712	508	sprintopen.exe	sprintopen.exe

C:\Users\Admin\AppData\Local\Temp\sprintopen.exe
"C:\Users\Admin\AppData\Local\Temp\sprintopen.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:508
- C:\Users\Admin\AppData\Local\Temp\sprintopen.exe
  "C:\Users\Admin\AppData\Local\Temp\sprintopen.exe"
  2⤵
  PID:1712

\Users\Admin\AppData\Local\Temp\nsi66DF.tmp\System.dll

MD5
fccff8cb7a1067e23fd2e2b63971a8e1

SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91

SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

Download Submit
memory/1712-3-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download
memory/1712-4-0x0000000040005DA8-mapping.dmp

Download
memory/1712-5-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download