Analysis

  • max time kernel
    150s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    16-06-2021 20:45

General

  • Target

    956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

  • Size

    157KB

  • MD5

    94f7c4c80eb1723977b6f31dbb0f1b3e

  • SHA1

    a335b3ede802fdb1971b27eb1b3f0996e30237ab

  • SHA256

    956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42

  • SHA512

    a25788f6ad990a6c9ae1b0f36a07849e9aadb8283fe5e2385f4686f6d7a3f459c0162c09ce5ff2e831202fc8995143b5cf5f5597d249a3b78afa84a96702e347

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
    "C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe"
    1⤵
    • Modifies Internet Explorer Protected Mode
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
      C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe --vwxyz
      2⤵
        PID:1000

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1000-60-0x0000000000000000-mapping.dmp

    • memory/1988-59-0x00000000767B1000-0x00000000767B3000-memory.dmp

      Filesize

      8KB