e9075f06a81e60ba1f6f344a7ec8c62ebe23be24f0807aea95e80b6bf7c49c42 | Triage

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-en-20210920
submitted
26-09-2021 23:00

Sharing

Report Analysis Logs

General

Target

Loader.bin.exe
Size

6KB
MD5

5c3b3d29900401cf7c8a6f7da0a1d7fa
SHA1

41cf781fed46bf34cbec0a2852c56592297cc7ed
SHA256

fc4590965f4831e8ed0e8465df39ca064d14dfcb79f320bf937ba18807d08f2c
SHA512

ddec58841d1b8c9278802ae310701c89eaf6cf306d21cd0af1b913e54ea524438799c1038f5a3c2b2288b770b46fad785331798b7ee826fb30e5e65965bdceca

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Loader.bin.exe

description	pid	process	target process
PID 1652 wrote to memory of 1568	1652	Loader.bin.exe	dw20.exe
PID 1652 wrote to memory of 1568	1652	Loader.bin.exe	dw20.exe
PID 1652 wrote to memory of 1568	1652	Loader.bin.exe	dw20.exe
PID 1652 wrote to memory of 1568	1652	Loader.bin.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\Loader.bin.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1652

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 408
2⤵
PID:1568

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1568-55-0x0000000000000000-mapping.dmp

Download
memory/1568-58-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1652-54-0x0000000074C71000-0x0000000074C73000-memory.dmp

Filesize
8KB

Download
memory/1652-57-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download