Analysis
-
max time kernel
85s -
max time network
86s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
06-01-2021 07:16
General
-
Target
Scan_0011121021000.exe
-
Size
1.9MB
-
MD5
dfbdf304ffb322276a26f4d7ac26ea34
-
SHA1
5fd5e24be102441882add9a32e432ac32333ca6d
-
SHA256
738e16b6660e32ed957f9fd9e0c5cea56b1aaa7695bcdb56998ca9866071e32b
-
SHA512
09454ca8e82c963fc9caa564057f6bd4c6cd2f974f9ce42a4bbb1910ef21223398420e0d8748069194499ecbd5b9b8f9905d05f45c760b422161d7785eaa8acb
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
NetWire RAT payload 3 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Scan_0011121021000.exe"C:\Users\Admin\AppData\Local\Temp\Scan_0011121021000.exe"1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Scan_0011121021000.exe"C:\Users\Admin\AppData\Local\Temp\Scan_0011121021000.exe"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/752-2-0x0000000074580000-0x0000000074C6E000-memory.dmpFilesize
6.9MB
-
memory/752-3-0x0000000001320000-0x0000000001321000-memory.dmpFilesize
4KB
-
memory/752-5-0x00000000008C0000-0x00000000008D1000-memory.dmpFilesize
68KB
-
memory/752-10-0x00000000008C0000-0x0000000000903000-memory.dmpFilesize
268KB
-
memory/1668-12-0x0000000000402453-mapping.dmp
-
memory/1668-11-0x0000000000400000-0x0000000000437000-memory.dmpFilesize
220KB
-
memory/1668-13-0x0000000000400000-0x0000000000437000-memory.dmpFilesize
220KB