Analysis

  • max time kernel: 61s
  • max time network: 8s
  • platform: windows7_x64
  • resource: win7v20201028
  • submitted: 03/12/2020, 13:29

General

  • Target: IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe
  • Size: 1.1MB
  • MD5: 3622e05ed8fed75a31eae667a21e4050
  • SHA1: 61d86df4b3d5d0e2905a79fa318dcbcbf39b5bfa
  • SHA256: 216650e16b03a9755838309935b714f8b01daf2273f97af0b33887000289c862
  • SHA512: 9b70a519c804a13fb434fdca1f47ad3c1ef2263dea0eb1e8d2b3a3cd0914946a155a23a3fa7e7b4ed72451774dd9ce65f931236de5d1c8161a29eaec4f2383e6

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe"
      2⤵
      PID:1612
    • C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe"
      2⤵
      PID:1688
    • C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe"
      2⤵
      PID:792
    • C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe"
      2⤵
      PID:1080
    • C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\IWZQ4WsDqXVYODCZNbcU_LAdryJz_XrwsziHAAKJyGI.bin.exe"
      2⤵
      PID:1088

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1640-2-0x00000000745C0000-0x0000000074CAE000-memory.dmp (Filesize: 6.9MB)
  • memory/1640-3-0x0000000000310000-0x0000000000311000-memory.dmp (Filesize: 4KB)
  • memory/1640-5-0x00000000259A0000-0x0000000045988000-memory.dmp (Filesize: 511.9MB)
  • memory/1640-6-0x0000000045DE0000-0x0000000045E7C000-memory.dmp (Filesize: 624KB)
  • memory/1640-7-0x00000000004F0000-0x00000000004F8000-memory.dmp (Filesize: 32KB)
  • memory/1640-9-0x0000000045BB0000-0x0000000045C39000-memory.dmp (Filesize: 548KB)