Analysis

  • max time kernel
    29s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    26-02-2021 15:44

General

  • Target

    b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe

  • Size

    115KB

  • MD5

    d7dd35bfb368ebaf9b42d2824ae8d940

  • SHA1

    99f3dd3376e9615f5863808ec4ed051ddad7ccfa

  • SHA256

    b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309

  • SHA512

    bbb79586ea55b31bb45bcc0ced9c1c8aa0cb2cbe8cfe2d084242b948e04a095c5b3880d7ab6e53eb196439f698ebb955d9c6e882508edf5dfcf2849d4b8615fa

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe
    "C:\Users\Admin\AppData\Local\Temp\b69a30084b2fa7aea309e867e673e3dc5caaaeed119f5c51b271e3144b634309.exe"
    1⤵
      PID:1904
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Windows\system32\ipconfig.exe
        ipconfig
        2⤵
        • Gathers network information
        PID:636

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/636-3-0x0000000000000000-mapping.dmp
  • memory/1904-2-0x0000000075781000-0x0000000075783000-memory.dmp
    Filesize

    8KB