cca8524bfc6f9e7d48bebcb99415b9740ecbbc55dc05ba9603421f6473b38b56 | Triage

Resubmissions

06-07-2021 15:18

210706-8174zbq4ne 10

05-07-2021 23:14

210705-xh9tfcanyj 10

Analysis

max time kernel
3s
max time network
41s
platform
windows7_x64
resource
win7v20210410
submitted
05-07-2021 23:14

Sharing

Report Analysis Logs

General

Target

d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe
Size

890KB
MD5

561cffbaba71a6e8cc1cdceda990ead4
SHA1

5162f14d75e96edb914d1756349d6e11583db0b0
SHA256

d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e
SHA512

09149b9825db2c9e6d2ec6665abc64b0b7aaafaa47c921c5bf0062cd7bedd1fc64cf54646a098f45fc4b930f5fbecee586fe839950c9135f64ea722b00baa50e

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1804	MsMpEng.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\mpsvc.dll	d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe
File created	C:\Windows\MsMpEng.exe	d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 1804	736	d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe	26
PID 736 wrote to memory of 1804	736	d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe	26
PID 736 wrote to memory of 1804	736	d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe	26
PID 736 wrote to memory of 1804	736	d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe	26

C:\Users\Admin\AppData\Local\Temp\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe
"C:\Users\Admin\AppData\Local\Temp\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\MsMpEng.exe
  "C:\Windows\MsMpEng.exe"
  2⤵
  - Executes dropped EXE
  PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1804-63-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/1804-64-0x0000000000120000-0x0000000000142000-memory.dmp

Filesize
136KB

Download