Analysis
-
max time kernel
187s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
01-07-2022 04:38
General
-
Target
8ef29fdc370b4b4a07a3f077641dd33b205fd19a0a69b6a07c409689752b0264.exe
-
Size
209KB
-
MD5
278235035db35559eed0d9882d7e83a1
-
SHA1
960e43094f5f3e773ee9030634bc9de14685109e
-
SHA256
8ef29fdc370b4b4a07a3f077641dd33b205fd19a0a69b6a07c409689752b0264
-
SHA512
d8e60f87199951ac1a7392b6d5e8741ca6dea76c2c7a5773cf49058457d16184099936f4e63dc3b5f23657d36c2abff8b3172c98fdfb70bac001ef347578e9bc
Score
10/10
Malware Config
Signatures
-
NetWire RAT payload 1 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ef29fdc370b4b4a07a3f077641dd33b205fd19a0a69b6a07c409689752b0264.exe"C:\Users\Admin\AppData\Local\Temp\8ef29fdc370b4b4a07a3f077641dd33b205fd19a0a69b6a07c409689752b0264.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8ef29fdc370b4b4a07a3f077641dd33b205fd19a0a69b6a07c409689752b0264.exe"C:\Users\Admin\AppData\Local\Temp\8ef29fdc370b4b4a07a3f077641dd33b205fd19a0a69b6a07c409689752b0264.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/5004-130-0x0000000000000000-mapping.dmp
-
memory/5004-131-0x0000000000400000-0x0000000000425000-memory.dmpFilesize
148KB