f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f | Triage

Analysis

max time kernel
136s
max time network
25s
platform
windows7_x64
resource
win7v200430
submitted
19-07-2020 13:05

Sharing

Report Analysis Logs

General

Target

f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe
Size

252KB
MD5

6dbce1851b656de5f49eb1d8c9786b72
SHA1

e63a7e56571b100c6acd02ba892ed35e97b35fe1
SHA256

f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f
SHA512

ab89353957f9b369b8cd3d61c64c4d3cd82a1f2e1a454d496d20c87da2b60baeb679aa803f0f50f5c1fd835992528c02f03ab5f692e1dc5ab6385ecd75e09760

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe

description	pid	process	target process
PID 1432 wrote to memory of 1488	1432	f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe	dw20.exe
PID 1432 wrote to memory of 1488	1432	f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe	dw20.exe
PID 1432 wrote to memory of 1488	1432	f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe	dw20.exe
PID 1432 wrote to memory of 1488	1432	f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe
"C:\Users\Admin\AppData\Local\Temp\f6521e298c849c14cd0a4d0e8947fa2d990e06d978e89a262e62c968cefd9b8f.bin.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1432

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 416
2⤵
PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1488-0-0x0000000000000000-mapping.dmp

Download
memory/1488-1-0x0000000001E50000-0x0000000001E61000-memory.dmp

Filesize
68KB

Download
memory/1488-2-0x0000000002360000-0x0000000002371000-memory.dmp

Filesize
68KB

Download