78073cd80cd2ce04aa2f089760a60ffc494bd241eaa9787b17573eb152692ba5 | Triage

Analysis

max time kernel
68s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
23-04-2022 13:43

Sharing

Report Analysis Logs

General

Target

MyNDISPlan.scr
Size

40KB
MD5

c025124d271f7e1ca674ba43c7e069ad
SHA1

c02c4ed76dcf923e8ffff93ef6c68695d2e9a986
SHA256

78073cd80cd2ce04aa2f089760a60ffc494bd241eaa9787b17573eb152692ba5
SHA512

e72a5133237b84ae31e81385883965f8570c7b04e9fee2af0f02ee188b63f3bca9cc44a8ffdd869b72f598145c5f9b9f5ad105d567b7340d9804c017a7176a85

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

MyNDISPlan.scr

pid process

948 MyNDISPlan.scr
948 MyNDISPlan.scr

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

MyNDISPlan.scr

description	pid	process	target process
PID 948 wrote to memory of 2328	948	MyNDISPlan.scr	svchost.exe
PID 948 wrote to memory of 2328	948	MyNDISPlan.scr	svchost.exe
PID 948 wrote to memory of 2328	948	MyNDISPlan.scr	svchost.exe

C:\Users\Admin\AppData\Local\Temp\MyNDISPlan.scr
"C:\Users\Admin\AppData\Local\Temp\MyNDISPlan.scr" /S
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:948

C:\Windows\SysWOW64\svchost.exe
svchost.exe
2⤵
PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-131-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2328-130-0x0000000000000000-mapping.dmp

Download