Analysis
-
max time kernel
91s -
max time network
131s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
03-05-2021 13:43
General
-
Target
Document.exe
-
Size
753KB
-
MD5
abb973cc735baa96deac84f5653fd89a
-
SHA1
59c52bab6062e461866be8b918a376e4362571e1
-
SHA256
f3ad47ca842225f405e277f5f2b0521266fe65a90bf746ac39a67990835ddf14
-
SHA512
b44074cc3a0b114e3580c2222c29782d42c814ab365731a97c3f76bbc62206a6cd59a12f86d16aeeb8004c84d5ad871bf2b058d291dfb66cf2fd138e0159b59b
Score
10/10
Malware Config
Signatures
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Blocklisted process makes network request 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Document.exe"C:\Users\Admin\AppData\Local\Temp\Document.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exeC:\Windows\System32\mshta.exe2⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/908-114-0x00000000005B0000-0x00000000005B1000-memory.dmpFilesize
4KB
-
memory/2776-115-0x0000000000000000-mapping.dmp
-
memory/2776-117-0x0000000000950000-0x0000000000951000-memory.dmpFilesize
4KB
-
memory/2776-116-0x00000000029E0000-0x00000000029E1000-memory.dmpFilesize
4KB
-
memory/2776-120-0x0000000010550000-0x0000000010586000-memory.dmpFilesize
216KB
-
memory/2776-121-0x0000000000400000-0x0000000000434000-memory.dmpFilesize
208KB
-
memory/2776-119-0x0000000000970000-0x0000000000971000-memory.dmpFilesize
4KB