Analysis
-
max time kernel
152s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
01-07-2022 15:04
General
-
Target
TRANSAC2.exe
-
Size
1.2MB
-
MD5
003d19970194080b5cf4943b45ffb523
-
SHA1
d1215cc8a501c297157ca4d44bc683f95c747f86
-
SHA256
5a9dc7a0a78582178b5ecc4b83725338027de4ec8d68ccf2f22ea6e92aab509f
-
SHA512
62f69b3c5eaf138b7ed3c30b1e9b79b2ff4fec9d17f537d2f4fc5cd6fe3d775244df6c9449df2ad1694207de1310be0d3ff875ddae73cb8b9c0f5379f8a9a217
Score
10/10
Malware Config
Signatures
-
NetWire RAT payload 2 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TRANSAC2.exe"C:\Users\Admin\AppData\Local\Temp\TRANSAC2.exe"1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\TRANSAC2.exe"C:\Users\Admin\AppData\Local\Temp\TRANSAC2.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2104-131-0x0000000000000000-mapping.dmp
-
memory/2104-132-0x0000000000AA0000-0x0000000000ACB000-memory.dmpFilesize
172KB
-
memory/2104-141-0x0000000000AA0000-0x0000000000ACB000-memory.dmpFilesize
172KB
-
memory/4880-130-0x0000000003E80000-0x0000000003EC0000-memory.dmpFilesize
256KB
-
memory/4880-142-0x0000000004E80000-0x0000000004EC0000-memory.dmpFilesize
256KB