Analysis
-
max time kernel
128s -
max time network
141s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
23-04-2022 13:43
General
-
Target
MyNDISPlan.scr
-
Size
40KB
-
MD5
c025124d271f7e1ca674ba43c7e069ad
-
SHA1
c02c4ed76dcf923e8ffff93ef6c68695d2e9a986
-
SHA256
78073cd80cd2ce04aa2f089760a60ffc494bd241eaa9787b17573eb152692ba5
-
SHA512
e72a5133237b84ae31e81385883965f8570c7b04e9fee2af0f02ee188b63f3bca9cc44a8ffdd869b72f598145c5f9b9f5ad105d567b7340d9804c017a7176a85
Score
10/10
Malware Config
Signatures
-
suricata: ET MALWARE Common Upatre Header Structure 2
suricata: ET MALWARE Common Upatre Header Structure 2
-
Deletes itself 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MyNDISPlan.scr"C:\Users\Admin\AppData\Local\Temp\MyNDISPlan.scr" /S1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exesvchost.exe2⤵
- Deletes itself
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/760-54-0x0000000000000000-mapping.dmp
-
memory/760-56-0x0000000076851000-0x0000000076853000-memory.dmpFilesize
8KB
-
memory/760-58-0x0000000000080000-0x0000000000082000-memory.dmpFilesize
8KB
-
memory/760-57-0x0000000000A50000-0x0000000000A58000-memory.dmpFilesize
32KB
-
memory/1012-55-0x0000000000400000-0x000000000040D000-memory.dmpFilesize
52KB