Analysis

  • max time kernel
    96s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    10-12-2020 10:35

General

  • Target

    90508db9aa3b3698eb08109217eb43b7.exe

  • Size

    1.0MB

  • MD5

    90508db9aa3b3698eb08109217eb43b7

  • SHA1

    f443522186cad995be2fce64a377bb1e01b49250

  • SHA256

    b28f4495e2cda5a5fef0408701a136d820c7cf2e7a45dd101e70b31458e31530

  • SHA512

    34f683a79d9bcef09a77dd2edf85015b540fd55cb2c709daa7363fa70518f30a6c99d48de7424ef551b8b13ce96dc6a472c319f1eddec2b4acaf2d0d8fb2f4aa

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90508db9aa3b3698eb08109217eb43b7.exe
    "C:\Users\Admin\AppData\Local\Temp\90508db9aa3b3698eb08109217eb43b7.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:676
    • C:\Users\Admin\AppData\Local\Temp\90508db9aa3b3698eb08109217eb43b7.exe
      "C:\Users\Admin\AppData\Local\Temp\90508db9aa3b3698eb08109217eb43b7.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2120

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/676-2-0x0000000002350000-0x00000000023B5000-memory.dmp

    Filesize

    404KB

  • memory/676-4-0x0000000004850000-0x000000000489C000-memory.dmp

    Filesize

    304KB

  • memory/2120-6-0x0000000000530000-0x000000000055B000-memory.dmp

    Filesize

    172KB

  • memory/2120-8-0x0000000000530000-0x000000000055B000-memory.dmp

    Filesize

    172KB