Analysis
-
max time kernel
29s -
max time network
27s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
26-02-2021 15:44
Static task
static1
Behavioral task
behavioral1
Sample
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe
-
Size
115KB
-
MD5
d7dd35bfb368ebaf9b42d2824ae8d940
-
SHA1
99f3dd3376e9615f5863808ec4ed051ddad7ccfa
-
SHA256
b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309
-
SHA512
bbb79586ea55b31bb45bcc0ced9c1c8aa0cb2cbe8cfe2d084242b948e04a095c5b3880d7ab6e53eb196439f698ebb955d9c6e882508edf5dfcf2849d4b8615fa
Score
1/10
Malware Config
Signatures
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
Processes:
ipconfig.exepid process 636 ipconfig.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exedescription pid process target process PID 1644 wrote to memory of 636 1644 cmd.exe ipconfig.exe PID 1644 wrote to memory of 636 1644 cmd.exe ipconfig.exe PID 1644 wrote to memory of 636 1644 cmd.exe ipconfig.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe"C:\Users\Admin\AppData\Local\Temp\b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe"1⤵PID:1904
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1644 -
C:\Windows\system32\ipconfig.exeipconfig2⤵
- Gathers network information
PID:636