Analysis
- max time kernel: 103s
- max time network: 57s
- platform: windows7_x64
- resource: win7v200213
- submitted: 14-02-2020 04:43
Static task: static1
Behavioral task: behavioral1
- Sample: salesforce_report.exe
- Resource: win7v200213 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: salesforce_report.exe
- Resource: win10v191014 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: salesforce_report.exe
- Size: 726KB
- MD5: 3e0aff10a361a752ab160228410f2432
- SHA1: 1a9f9ce853a9b9842baf7125021b5cc2e8be619e
- SHA256: 01a4fb177e04eeee392afbe6a73a681c3f77f095e862bbc03be3c70acab1f5c3
- SHA512: a1c86b8214bd4761cdee8e2de2d08314966931c6dd00692c80ddda1ea3de701b913744b87a9bddd3ebc380b6ba8a7d5b07648b1c12b82223decca00a72ba6ca1
- Score: 8/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes: salesforce_report.exe, 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
  description | pid | process | target process
  PID 1984 wrote to memory of 2016 | 1984 | salesforce_report.exe | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
  PID 1984 wrote to memory of 2016 | 1984 | salesforce_report.exe | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
  PID 1984 wrote to memory of 2016 | 1984 | salesforce_report.exe | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
  PID 1984 wrote to memory of 2016 | 1984 | salesforce_report.exe | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
  PID 2016 wrote to memory of 1096 | 2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe | svchost.exe
  PID 2016 wrote to memory of 1096 | 2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe | svchost.exe
  PID 2016 wrote to memory of 1096 | 2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe | svchost.exe
  PID 2016 wrote to memory of 1096 | 2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe | svchost.exe
  PID 2016 wrote to memory of 1096 | 2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe | svchost.exe
  PID 2016 wrote to memory of 1096 | 2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe | svchost.exe
- Executes dropped EXE (1 IoCs)
  Processes: 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
  pid | process
  2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: salesforce_report.exe, 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
  pid | process
  1984 | salesforce_report.exe
  2016 | 커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
- Loads dropped DLL (2 IoCs)
  Processes: salesforce_report.exe
  pid | process
  1984 | salesforce_report.exe
  1984 | salesforce_report.exe
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\salesforce_report.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\salesforce_report.exe"
  - Suspicious use of WriteProcessMemory
  - Suspicious use of SetWindowsHookEx
  - Loads dropped DLL
  - [2] C:\ProgramData\커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
    command line: "C:\ProgramData\커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe"
    - Suspicious use of WriteProcessMemory
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - [3] C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe
Network
MITRE ATT&CK Matrix
Downloads
- C:\ProgramData\커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
- C:\ProgramData\커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
- \ProgramData\커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
- \ProgramData\커пе피&هوةпиթեյо;;ուրճг;;зedコーчВыーр咖啡.exe
- memory/1984-0-0x0000000000370000-0x00000000003A4000-memory.dmp (Filesize: 208KB)
- memory/2016-4-0x0000000001F00000-0x0000000001F34000-memory.dmp (Filesize: 208KB)
- memory/2016-6-0x0000000001F40000-0x0000000001F71000-memory.dmp (Filesize: 196KB)