Overview
overview
10Static
static
#Order#.exe
windows7_x64
7#Order#.exe
windows10_x64
7#QTN-20-97...7..exe
windows7_x64
6#QTN-20-97...7..exe
windows10_x64
5$70k MT 30JAN.exe
windows7_x64
6$70k MT 30JAN.exe
windows10_x64
603-02-20.exe
windows7_x64
703-02-20.exe
windows10_x64
720191107145436608.exe
windows7_x64
620191107145436608.exe
windows10_x64
62019111211...fo.exe
windows7_x64
62019111211...fo.exe
windows10_x64
62020 ORDERS.exe
windows7_x64
52020 ORDERS.exe
windows10_x64
5624880_ZOC...PT.exe
windows7_x64
6624880_ZOC...PT.exe
windows10_x64
6ADMIN DEPT...NT.exe
windows7_x64
8ADMIN DEPT...NT.exe
windows10_x64
10AWB_TR0089.exe
windows7_x64
1AWB_TR0089.exe
windows10_x64
1Avis de virement.exe
windows7_x64
7Avis de virement.exe
windows10_x64
8BL-INVOICE...CS.exe
windows7_x64
6BL-INVOICE...CS.exe
windows10_x64
6BMS PO 4820.exe
windows7_x64
6BMS PO 4820.exe
windows10_x64
6BSO_191120...df.exe
windows7_x64
6BSO_191120...df.exe
windows10_x64
6Bank Information.exe
windows7_x64
6Bank Information.exe
windows10_x64
6C.V - Expe...es.exe
windows7_x64
7C.V - Expe...es.exe
windows10_x64
7C956PO.exe
windows7_x64
6C956PO.exe
windows10_x64
6CIN - U140...32.exe
windows7_x64
6CIN - U140...32.exe
windows10_x64
6CV - Resum...ma.exe
windows7_x64
10CV - Resum...ma.exe
windows10_x64
7Calendar2Excel.exe
windows7_x64
1Calendar2Excel.exe
windows10_x64
1DOC302429042_SDOU.exe
windows7_x64
5DOC302429042_SDOU.exe
windows10_x64
5DOC37774732.exe
windows7_x64
6DOC37774732.exe
windows10_x64
6Doc _45654.exe
windows7_x64
6Doc _45654.exe
windows10_x64
6Docs.exe
windows7_x64
6Docs.exe
windows10_x64
6Document_Invoice.exe
windows7_x64
7Document_Invoice.exe
windows10_x64
7FOENER RFQ...DF.exe
windows7_x64
6FOENER RFQ...DF.exe
windows10_x64
6Following ...ts.exe
windows7_x64
7Following ...ts.exe
windows10_x64
7HTQ19-P040...AN.exe
windows7_x64
7HTQ19-P040...AN.exe
windows10_x64
7IMAGE221.exe
windows7_x64
8IMAGE221.exe
windows10_x64
8Invoice.exe
windows7_x64
6Invoice.exe
windows10_x64
6LPO-16155152112.exe
windows7_x64
7LPO-16155152112.exe
windows10_x64
8Lëscht vu...lt.exe
windows7_x64
6Lëscht vu...lt.exe
windows10_x64
6MT Swift copy.exe
windows7_x64
6MT Swift copy.exe
windows10_x64
6NEW P.O-8...FE.exe
windows7_x64
6NEW P.O-8...FE.exe
windows10_x64
6NEW P.O -J...20.exe
windows7_x64
6NEW P.O -J...20.exe
windows10_x64
6NNBL DRAFT...df.exe
windows7_x64
6NNBL DRAFT...df.exe
windows10_x64
6New Order ...05.exe
windows7_x64
6New Order ...05.exe
windows10_x64
6New Purcha...er.exe
windows7_x64
8New Purcha...er.exe
windows10_x64
8New Year Order.exe
windows7_x64
8New Year Order.exe
windows10_x64
8New order ...5).exe
windows7_x64
10New order ...5).exe
windows10_x64
10OCEAN BILL...NG.exe
windows7_x64
6OCEAN BILL...NG.exe
windows10_x64
6ORDER FILE.exe
windows7_x64
10ORDER FILE.exe
windows10_x64
10Order Feb 2020.exe
windows7_x64
6Order Feb 2020.exe
windows10_x64
6Order Speciations.exe
windows7_x64
1Order Speciations.exe
windows10_x64
10Order list.exe
windows7_x64
8Order list.exe
windows10_x64
8P.O.25890.exe
windows7_x64
6P.O.25890.exe
windows10_x64
6PAYMENT DE...DF.exe
windows7_x64
10PAYMENT DE...DF.exe
windows10_x64
10PDF324561.exe
windows7_x64
6PDF324561.exe
windows10_x64
6PO BMS 4820.exe
windows7_x64
6PO BMS 4820.exe
windows10_x64
6PO NO.SC-100887.exe
windows7_x64
6PO NO.SC-100887.exe
windows10_x64
6PO#32136578.exe
windows7_x64
6PO#32136578.exe
windows10_x64
6PO#P-13082...df.exe
windows7_x64
5PO#P-13082...df.exe
windows10_x64
5PO-0088PI69.exe
windows7_x64
6PO-0088PI69.exe
windows10_x64
6PO-05808T008.exe
windows7_x64
6PO-05808T008.exe
windows10_x64
6PO-ABA-098722.exe
windows7_x64
7PO-ABA-098722.exe
windows10_x64
7PO. 11092873.exe
windows7_x64
6PO. 11092873.exe
windows10_x64
6PO.exe
windows7_x64
6PO.exe
windows10_x64
6PO1782020.exe
windows7_x64
10PO1782020.exe
windows10_x64
10PO3245_Signed.exe
windows7_x64
10PO3245_Signed.exe
windows10_x64
10PRODUCT LIST.exe
windows7_x64
6PRODUCT LIST.exe
windows10_x64
6Payment De...ce.exe
windows7_x64
6Payment De...ce.exe
windows10_x64
6Payment Details.exe
windows7_x64
10Payment Details.exe
windows10_x64
10Photo-Samp...50.exe
windows7_x64
7Photo-Samp...50.exe
windows10_x64
10Presupuest...19.exe
windows7_x64
6Presupuest...19.exe
windows10_x64
6Proform In...ea.exe
windows7_x64
6Proform In...ea.exe
windows10_x64
6Proform Invoice.exe
windows7_x64
6Proform Invoice.exe
windows10_x64
6Proforma Invoice.exe
windows7_x64
6Proforma Invoice.exe
windows10_x64
6Purchase O...2).exe
windows7_x64
8Purchase O...2).exe
windows10_x64
8Purchase Order.exe
windows7_x64
7Purchase Order.exe
windows10_x64
7Purchase order.exe
windows7_x64
7Purchase order.exe
windows10_x64
7QUOTATION.Pdf.exe
windows7_x64
8QUOTATION.Pdf.exe
windows10_x64
8Quotation.exe
windows7_x64
7Quotation.exe
windows10_x64
7RFQ2901202...43.exe
windows7_x64
6RFQ2901202...43.exe
windows10_x64
5Revised_PO...01.exe
windows7_x64
10Revised_PO...01.exe
windows10_x64
10SEA LONGIT...ER.exe
windows7_x64
1SEA LONGIT...ER.exe
windows10_x64
1SHIPPING P...76.exe
windows7_x64
6SHIPPING P...76.exe
windows10_x64
6SKM_C33501...00.exe
windows7_x64
6SKM_C33501...00.exe
windows10_x64
6SOA DEC 2019.exe
windows7_x64
1SOA DEC 2019.exe
windows10_x64
7SOA JAN 2020.exe
windows7_x64
6SOA JAN 2020.exe
windows10_x64
6SOA.exe
windows7_x64
6SOA.exe
windows10_x64
6SP3-139-V1...ER.exe
windows7_x64
8SP3-139-V1...ER.exe
windows10_x64
8Scan 50%_s...89.exe
windows7_x64
6Scan 50%_s...89.exe
windows10_x64
6Shipment Details.exe
windows7_x64
10Shipment Details.exe
windows10_x64
10Shipping D...B).exe
windows7_x64
1Shipping D...B).exe
windows10_x64
1Shipping i...t..exe
windows7_x64
6Shipping i...t..exe
windows10_x64
6Swift copy.exe
windows7_x64
6Swift copy.exe
windows10_x64
6Swift.exe
windows7_x64
10Swift.exe
windows10_x64
10TT COPY.exe
windows7_x64
6TT COPY.exe
windows10_x64
6TT Statement.exe
windows7_x64
6TT Statement.exe
windows10_x64
6The Original Copy.exe
windows7_x64
10The Original Copy.exe
windows10_x64
7UPDATE SOA...41.exe
windows7_x64
1UPDATE SOA...41.exe
windows10_x64
1URGENT ENQUIRY.exe
windows7_x64
1URGENT ENQUIRY.exe
windows10_x64
1Untitled_2...-1.exe
windows7_x64
1Untitled_2...-1.exe
windows10_x64
7Unusual lo...ss.exe
windows7_x64
1Unusual lo...ss.exe
windows10_x64
1bin_2CE6.exe
windows7_x64
5bin_2CE6.exe
windows10_x64
6bin_4B66.exe
windows7_x64
8bin_4B66.exe
windows10_x64
10bin_C237.exe
windows7_x64
5bin_C237.exe
windows10_x64
6bin_protec...1F.exe
windows7_x64
5bin_protec...1F.exe
windows10_x64
6devis.exe
windows7_x64
5devis.exe
windows10_x64
5dhl_doc7348255141.exe
windows7_x64
6dhl_doc7348255141.exe
windows10_x64
6documento.exe
windows7_x64
7documento.exe
windows10_x64
7new order -85486.exe
windows7_x64
6new order -85486.exe
windows10_x64
6payment 000012223.exe
windows7_x64
6payment 000012223.exe
windows10_x64
6po 23232 signed.exe
windows7_x64
10po 23232 signed.exe
windows10_x64
10products inquiry.exe
windows7_x64
6products inquiry.exe
windows10_x64
6products_inquiry.exe
windows7_x64
6products_inquiry.exe
windows10_x64
6proforma invoice.exe
windows7_x64
6proforma invoice.exe
windows10_x64
6purchase o...7..exe
windows7_x64
7purchase o...7..exe
windows10_x64
7shipping doc.exe
windows7_x64
6shipping doc.exe
windows10_x64
6statement ...nt.exe
windows7_x64
6statement ...nt.exe
windows10_x64
6swift.exe
windows7_x64
10swift.exe
windows10_x64
10swiftcopy 433.exe
windows7_x64
10swiftcopy 433.exe
windows10_x64
10swiftcopy.exe
windows7_x64
10swiftcopy.exe
windows10_x64
10updated statement.exe
windows7_x64
6updated statement.exe
windows10_x64
6w3TM24p.exe
windows7_x64
1w3TM24p.exe
windows10_x64
1Analysis
-
max time kernel
153s -
max time network
91s -
platform
windows7_x64 -
resource
win7v200217 -
submitted
20-02-2020 07:05
Static task
static1
Behavioral task
behavioral1
Sample
#Order#.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral2
Sample
#Order#.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral3
Sample
#QTN-20-971-JA04Q7..exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral4
Sample
#QTN-20-971-JA04Q7..exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral5
Sample
$70k MT 30JAN.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral6
Sample
$70k MT 30JAN.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral7
Sample
03-02-20.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral8
Sample
03-02-20.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral9
Sample
20191107145436608.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral10
Sample
20191107145436608.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral11
Sample
2019111211292579875_BankInfo.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral12
Sample
2019111211292579875_BankInfo.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral13
Sample
2020 ORDERS.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral14
Sample
2020 ORDERS.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral15
Sample
624880_ZOC10280374040_IFP_PT.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral16
Sample
624880_ZOC10280374040_IFP_PT.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral17
Sample
ADMIN DEPT. INVOICES 482 SGT STATEMENT.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral18
Sample
ADMIN DEPT. INVOICES 482 SGT STATEMENT.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral19
Sample
AWB_TR0089.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral20
Sample
AWB_TR0089.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral21
Sample
Avis de virement.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral22
Sample
Avis de virement.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral23
Sample
BL-INVOICE SHIPPING DOCS.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral24
Sample
BL-INVOICE SHIPPING DOCS.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral25
Sample
BMS PO 4820.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral26
Sample
BMS PO 4820.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral27
Sample
BSO_191120201_430001882_SHpdf.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral28
Sample
BSO_191120201_430001882_SHpdf.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral29
Sample
Bank Information.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral30
Sample
Bank Information.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral31
Sample
C.V - Experience Certificates.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral32
Sample
C.V - Experience Certificates.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral33
Sample
C956PO.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral34
Sample
C956PO.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral35
Sample
CIN - U14012020KA2006PTC038132.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral36
Sample
CIN - U14012020KA2006PTC038132.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral37
Sample
CV - Resume of Sunil Sharma.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral38
Sample
CV - Resume of Sunil Sharma.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral39
Sample
Calendar2Excel.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral40
Sample
Calendar2Excel.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral41
Sample
DOC302429042_SDOU.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral42
Sample
DOC302429042_SDOU.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral43
Sample
DOC37774732.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral44
Sample
DOC37774732.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral45
Sample
Doc _45654.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral46
Sample
Doc _45654.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral47
Sample
Docs.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral48
Sample
Docs.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral49
Sample
Document_Invoice.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral50
Sample
Document_Invoice.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral51
Sample
FOENER RFQ 24005-1101259321_PDF.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral52
Sample
FOENER RFQ 24005-1101259321_PDF.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral53
Sample
Following documents.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral54
Sample
Following documents.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral55
Sample
HTQ19-P0401-Q0539 NE-Q22940 GR2P5 TYPBLDG-NASER AL FERDAN.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral56
Sample
HTQ19-P0401-Q0539 NE-Q22940 GR2P5 TYPBLDG-NASER AL FERDAN.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral57
Sample
IMAGE221.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral58
Sample
IMAGE221.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral59
Sample
Invoice.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral60
Sample
Invoice.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral61
Sample
LPO-16155152112.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral62
Sample
LPO-16155152112.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral63
Sample
Lëscht vun de Rechnungen fir Dezember 2019 net bezuelt.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral64
Sample
Lëscht vun de Rechnungen fir Dezember 2019 net bezuelt.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral65
Sample
MT Swift copy.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral66
Sample
MT Swift copy.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral67
Sample
NEW P.O-8T638TYIGFE.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral68
Sample
NEW P.O-8T638TYIGFE.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral69
Sample
NEW P.O -JANUARY 2020.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral70
Sample
NEW P.O -JANUARY 2020.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral71
Sample
NNBL DRAFT SEA LONGITUDE RBDPL14703MT.pdf.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral72
Sample
NNBL DRAFT SEA LONGITUDE RBDPL14703MT.pdf.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral73
Sample
New Order PO# 1028020605.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral74
Sample
New Order PO# 1028020605.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral75
Sample
New Purchase Order.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral76
Sample
New Purchase Order.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral77
Sample
New Year Order.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral78
Sample
New Year Order.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral79
Sample
New order (#20105).exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral80
Sample
New order (#20105).exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral81
Sample
OCEAN BILL OF LADING.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral82
Sample
OCEAN BILL OF LADING.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral83
Sample
ORDER FILE.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral84
Sample
ORDER FILE.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral85
Sample
Order Feb 2020.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral86
Sample
Order Feb 2020.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral87
Sample
Order Speciations.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral88
Sample
Order Speciations.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral89
Sample
Order list.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral90
Sample
Order list.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral91
Sample
P.O.25890.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral92
Sample
P.O.25890.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral93
Sample
PAYMENT DETAILS_PDF.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral94
Sample
PAYMENT DETAILS_PDF.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral95
Sample
PDF324561.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral96
Sample
PDF324561.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral97
Sample
PO BMS 4820.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral98
Sample
PO BMS 4820.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral99
Sample
PO NO.SC-100887.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral100
Sample
PO NO.SC-100887.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral101
Sample
PO#32136578.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral102
Sample
PO#32136578.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral103
Sample
PO#P-130828-01.pdf.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral104
Sample
PO#P-130828-01.pdf.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral105
Sample
PO-0088PI69.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral106
Sample
PO-0088PI69.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral107
Sample
PO-05808T008.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral108
Sample
PO-05808T008.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral109
Sample
PO-ABA-098722.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral110
Sample
PO-ABA-098722.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral111
Sample
PO. 11092873.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral112
Sample
PO. 11092873.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral113
Sample
PO.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral114
Sample
PO.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral115
Sample
PO1782020.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral116
Sample
PO1782020.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral117
Sample
PO3245_Signed.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral118
Sample
PO3245_Signed.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral119
Sample
PRODUCT LIST.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral120
Sample
PRODUCT LIST.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral121
Sample
Payment Defaulter Notice.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral122
Sample
Payment Defaulter Notice.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral123
Sample
Payment Details.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral124
Sample
Payment Details.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral125
Sample
Photo-Sample 7t09250.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral126
Sample
Photo-Sample 7t09250.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral127
Sample
Presupuesto de Ventas para Fluiters RQF R21100Q2, DEC 2019.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral128
Sample
Presupuesto de Ventas para Fluiters RQF R21100Q2, DEC 2019.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral129
Sample
Proform Invoice no 123 by sea.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral130
Sample
Proform Invoice no 123 by sea.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral131
Sample
Proform Invoice.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral132
Sample
Proform Invoice.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral133
Sample
Proforma Invoice.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral134
Sample
Proforma Invoice.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral135
Sample
Purchase Order-030220 (2).exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral136
Sample
Purchase Order-030220 (2).exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral137
Sample
Purchase Order.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral138
Sample
Purchase Order.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral139
Sample
Purchase order.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral140
Sample
Purchase order.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral141
Sample
QUOTATION.Pdf.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral142
Sample
QUOTATION.Pdf.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral143
Sample
Quotation.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral144
Sample
Quotation.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral145
Sample
RFQ2901202066455343.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral146
Sample
RFQ2901202066455343.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral147
Sample
Revised_PO#SF389201.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral148
Sample
Revised_PO#SF389201.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral149
Sample
SEA LONGITUDE NOR tendered at Lubuk Gaung - CASH TO MASTER.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral150
Sample
SEA LONGITUDE NOR tendered at Lubuk Gaung - CASH TO MASTER.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral151
Sample
SHIPPING PO=00000301076.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral152
Sample
SHIPPING PO=00000301076.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral153
Sample
SKM_C3350191107102300.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral154
Sample
SKM_C3350191107102300.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral155
Sample
SOA DEC 2019.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral156
Sample
SOA DEC 2019.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral157
Sample
SOA JAN 2020.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral158
Sample
SOA JAN 2020.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral159
Sample
SOA.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral160
Sample
SOA.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral161
Sample
SP3-139-V128 ORDER.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral162
Sample
SP3-139-V128 ORDER.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral163
Sample
Scan 50%_swiftoutput098765456789.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral164
Sample
Scan 50%_swiftoutput098765456789.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral165
Sample
Shipment Details.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral166
Sample
Shipment Details.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral167
Sample
Shipping Doc-01022020 .PDF (212KB).exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral168
Sample
Shipping Doc-01022020 .PDF (212KB).exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral169
Sample
Shipping invoice for Balance Pymt..exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral170
Sample
Shipping invoice for Balance Pymt..exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral171
Sample
Swift copy.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral172
Sample
Swift copy.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral173
Sample
Swift.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral174
Sample
Swift.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral175
Sample
TT COPY.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral176
Sample
TT COPY.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral177
Sample
TT Statement.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral178
Sample
TT Statement.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral179
Sample
The Original Copy.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral180
Sample
The Original Copy.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral181
Sample
UPDATE SOA USD-1227.41.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral182
Sample
UPDATE SOA USD-1227.41.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral183
Sample
URGENT ENQUIRY.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral184
Sample
URGENT ENQUIRY.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral185
Sample
Untitled_20120_160110-1.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral186
Sample
Untitled_20120_160110-1.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral187
Sample
Unusual location & IP Address.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral188
Sample
Unusual location & IP Address.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral189
Sample
bin_2CE6.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral190
Sample
bin_2CE6.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral191
Sample
bin_4B66.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral192
Sample
bin_4B66.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral193
Sample
bin_C237.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral194
Sample
bin_C237.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral195
Sample
bin_protected_9DE6C1F.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral196
Sample
bin_protected_9DE6C1F.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral197
Sample
devis.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral198
Sample
devis.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral199
Sample
dhl_doc7348255141.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral200
Sample
dhl_doc7348255141.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral201
Sample
documento.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral202
Sample
documento.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral203
Sample
new order -85486.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral204
Sample
new order -85486.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral205
Sample
payment 000012223.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral206
Sample
payment 000012223.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral207
Sample
po 23232 signed.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral208
Sample
po 23232 signed.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral209
Sample
products inquiry.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral210
Sample
products inquiry.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral211
Sample
products_inquiry.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral212
Sample
products_inquiry.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral213
Sample
proforma invoice.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral214
Sample
proforma invoice.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral215
Sample
purchase order RFQ-HL51L07..exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral216
Sample
purchase order RFQ-HL51L07..exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral217
Sample
shipping doc.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral218
Sample
shipping doc.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral219
Sample
statement of account.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral220
Sample
statement of account.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral221
Sample
swift.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral222
Sample
swift.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral223
Sample
swiftcopy 433.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral224
Sample
swiftcopy 433.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral225
Sample
swiftcopy.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral226
Sample
swiftcopy.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral227
Sample
updated statement.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral228
Sample
updated statement.exe
Resource
win10v200217
windows10_x64
Behavioral task
behavioral229
Sample
w3TM24p.exe
Resource
win7v200217
windows7_x64
Behavioral task
behavioral230
Sample
w3TM24p.exe
Resource
win10v200217
windows10_x64
General
-
Target
SP3-139-V128 ORDER.exe
-
Size
623KB
-
MD5
ada6dac710065598c4c5be654823cfa8
-
SHA1
cc5ca7f098b329a5045678b19cb13febbe30ab9e
-
SHA256
780de9dbdc4a6adf0fc709f365715fcc86f40a675834a3ba602ff11e20f72505
-
SHA512
ccd4011b1a8f9b893096c53ef0caede2fe34faf059db41cb455f3a1be864c55620620d4a2bf26f3b9924218b2fff7b9ed7f88262fe724b5ece53c15748146ed1
Malware Config
Signatures
-
Loads dropped DLL 10 IoCs
Processes:
SP3-139-V128 ORDER.exeLcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exeWerFault.exepid process 1852 SP3-139-V128 ORDER.exe 1852 SP3-139-V128 ORDER.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 860 LcbtqmFeKOyIlbQtma5.exe 860 LcbtqmFeKOyIlbQtma5.exe 1520 LcbtqmFeKOyIlbQtma5.exe 1432 WerFault.exe 1432 WerFault.exe 1432 WerFault.exe -
Suspicious behavior: MapViewOfSection 2 IoCs
Processes:
LcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exepid process 1864 LcbtqmFeKOyIlbQtma5.exe 860 LcbtqmFeKOyIlbQtma5.exe -
Suspicious use of SetThreadContext 2 IoCs
Processes:
LcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exedescription pid process target process PID 1864 set thread context of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 860 set thread context of 1652 860 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
LcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exeWerFault.exeRegAsm.exedescription pid process Token: SeDebugPrivilege 1864 LcbtqmFeKOyIlbQtma5.exe Token: SeDebugPrivilege 860 LcbtqmFeKOyIlbQtma5.exe Token: SeDebugPrivilege 1432 WerFault.exe Token: SeDebugPrivilege 2028 RegAsm.exe -
Suspicious behavior: EnumeratesProcesses 7331 IoCs
Processes:
LcbtqmFeKOyIlbQtma5.exepid process 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe 1864 LcbtqmFeKOyIlbQtma5.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
RegAsm.exepid process 2028 RegAsm.exe -
Adds Run entry to start application 2 TTPs 2 IoCs
Processes:
SP3-139-V128 ORDER.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce SP3-139-V128 ORDER.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" SP3-139-V128 ORDER.exe -
Suspicious use of WriteProcessMemory 128 IoCs
Processes:
SP3-139-V128 ORDER.exeLcbtqmFeKOyIlbQtma5.execsc.execsc.execmd.exedescription pid process target process PID 1852 wrote to memory of 1864 1852 SP3-139-V128 ORDER.exe LcbtqmFeKOyIlbQtma5.exe PID 1852 wrote to memory of 1864 1852 SP3-139-V128 ORDER.exe LcbtqmFeKOyIlbQtma5.exe PID 1852 wrote to memory of 1864 1852 SP3-139-V128 ORDER.exe LcbtqmFeKOyIlbQtma5.exe PID 1852 wrote to memory of 1864 1852 SP3-139-V128 ORDER.exe LcbtqmFeKOyIlbQtma5.exe PID 1852 wrote to memory of 1864 1852 SP3-139-V128 ORDER.exe LcbtqmFeKOyIlbQtma5.exe PID 1852 wrote to memory of 1864 1852 SP3-139-V128 ORDER.exe LcbtqmFeKOyIlbQtma5.exe PID 1852 wrote to memory of 1864 1852 SP3-139-V128 ORDER.exe LcbtqmFeKOyIlbQtma5.exe PID 1864 wrote to memory of 1924 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1924 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1924 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1924 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1924 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1924 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1924 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1924 wrote to memory of 1956 1924 csc.exe cvtres.exe PID 1924 wrote to memory of 1956 1924 csc.exe cvtres.exe PID 1924 wrote to memory of 1956 1924 csc.exe cvtres.exe PID 1924 wrote to memory of 1956 1924 csc.exe cvtres.exe PID 1924 wrote to memory of 1956 1924 csc.exe cvtres.exe PID 1924 wrote to memory of 1956 1924 csc.exe cvtres.exe PID 1924 wrote to memory of 1956 1924 csc.exe cvtres.exe PID 1864 wrote to memory of 1976 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1976 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1976 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1976 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1976 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1976 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1864 wrote to memory of 1976 1864 LcbtqmFeKOyIlbQtma5.exe csc.exe PID 1976 wrote to memory of 2008 1976 csc.exe cvtres.exe PID 1976 wrote to memory of 2008 1976 csc.exe cvtres.exe PID 1976 wrote to memory of 2008 1976 csc.exe cvtres.exe PID 1976 wrote to memory of 2008 1976 csc.exe cvtres.exe PID 1976 wrote to memory of 2008 1976 csc.exe cvtres.exe PID 1976 wrote to memory of 2008 1976 csc.exe cvtres.exe PID 1976 wrote to memory of 2008 1976 csc.exe cvtres.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 2028 1864 LcbtqmFeKOyIlbQtma5.exe RegAsm.exe PID 1864 wrote to memory of 604 1864 LcbtqmFeKOyIlbQtma5.exe cmd.exe PID 1864 wrote to memory of 604 1864 LcbtqmFeKOyIlbQtma5.exe cmd.exe PID 1864 wrote to memory of 604 1864 LcbtqmFeKOyIlbQtma5.exe cmd.exe PID 1864 wrote to memory of 604 1864 LcbtqmFeKOyIlbQtma5.exe cmd.exe PID 1864 wrote to memory of 604 1864 LcbtqmFeKOyIlbQtma5.exe cmd.exe PID 1864 wrote to memory of 604 1864 LcbtqmFeKOyIlbQtma5.exe cmd.exe PID 1864 wrote to memory of 604 1864 LcbtqmFeKOyIlbQtma5.exe cmd.exe PID 604 wrote to memory of 1560 604 cmd.exe choice.exe PID 604 wrote to memory of 1560 604 cmd.exe choice.exe PID 604 wrote to memory of 1560 604 cmd.exe choice.exe PID 604 wrote to memory of 1560 604 cmd.exe choice.exe PID 604 wrote to memory of 1560 604 cmd.exe choice.exe PID 604 wrote to memory of 1560 604 cmd.exe choice.exe PID 604 wrote to memory of 1560 604 cmd.exe choice.exe PID 1864 wrote to memory of 860 1864 LcbtqmFeKOyIlbQtma5.exe LcbtqmFeKOyIlbQtma5.exe PID 1864 wrote to memory of 860 1864 LcbtqmFeKOyIlbQtma5.exe LcbtqmFeKOyIlbQtma5.exe PID 1864 wrote to memory of 860 1864 LcbtqmFeKOyIlbQtma5.exe LcbtqmFeKOyIlbQtma5.exe PID 1864 wrote to memory of 860 1864 LcbtqmFeKOyIlbQtma5.exe LcbtqmFeKOyIlbQtma5.exe PID 1864 wrote to memory of 860 1864 LcbtqmFeKOyIlbQtma5.exe LcbtqmFeKOyIlbQtma5.exe PID 1864 wrote to memory of 860 1864 LcbtqmFeKOyIlbQtma5.exe LcbtqmFeKOyIlbQtma5.exe PID 1864 wrote to memory of 860 1864 LcbtqmFeKOyIlbQtma5.exe LcbtqmFeKOyIlbQtma5.exe -
Executes dropped EXE 3 IoCs
Processes:
LcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exepid process 1864 LcbtqmFeKOyIlbQtma5.exe 860 LcbtqmFeKOyIlbQtma5.exe 1520 LcbtqmFeKOyIlbQtma5.exe -
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1432 1520 WerFault.exe LcbtqmFeKOyIlbQtma5.exe -
Drops startup file 2 IoCs
Processes:
LcbtqmFeKOyIlbQtma5.exeLcbtqmFeKOyIlbQtma5.exedescription ioc process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HJdyTuap.exe LcbtqmFeKOyIlbQtma5.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HJdyTuap.exe LcbtqmFeKOyIlbQtma5.exe -
Reads browser user data or profiles (possible credential harvesting) 2 TTPs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SP3-139-V128 ORDER.exe"C:\Users\Admin\AppData\Local\Temp\SP3-139-V128 ORDER.exe"1⤵
- Loads dropped DLL
- Adds Run entry to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe2⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Executes dropped EXE
- Drops startup file
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n5jrnkah\n5jrnkah.cmdline"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE011.tmp" "c:\Users\Admin\AppData\Local\Temp\n5jrnkah\CSCE7C3AD1F9C4A44F49AF926D1327D163.TMP"4⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\42vu2osh\42vu2osh.cmdline"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE33C.tmp" "c:\Users\Admin\AppData\Local\Temp\42vu2osh\CSC931B207E12564399AEF92E35A28DAFB6.TMP"4⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 34⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe"3⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Executes dropped EXE
- Drops startup file
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3kyel5tn\3kyel5tn.cmdline"4⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBF1.tmp" "c:\Users\Admin\AppData\Local\Temp\3kyel5tn\CSC745E6DEB450A4463B0673C4DC423CEC8.TMP"5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fknef3hu\fknef3hu.cmdline"4⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD48.tmp" "c:\Users\Admin\AppData\Local\Temp\fknef3hu\CSCBD7A492558E949639EB96A093F6864.TMP"5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe"4⤵
-
C:\Windows\SysWOW64\choice.exechoice /C Y /N /D Y /T 35⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe"4⤵
- Loads dropped DLL
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 6805⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\3kyel5tn\3kyel5tn.dll
-
C:\Users\Admin\AppData\Local\Temp\42vu2osh\42vu2osh.dll
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtm
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
C:\Users\Admin\AppData\Local\Temp\RESBF1.tmp
-
C:\Users\Admin\AppData\Local\Temp\RESD48.tmp
-
C:\Users\Admin\AppData\Local\Temp\RESE011.tmp
-
C:\Users\Admin\AppData\Local\Temp\RESE33C.tmp
-
C:\Users\Admin\AppData\Local\Temp\fknef3hu\fknef3hu.dll
-
C:\Users\Admin\AppData\Local\Temp\n5jrnkah\n5jrnkah.dll
-
\??\c:\Users\Admin\AppData\Local\Temp\3kyel5tn\3kyel5tn.0.cs
-
\??\c:\Users\Admin\AppData\Local\Temp\3kyel5tn\3kyel5tn.cmdline
-
\??\c:\Users\Admin\AppData\Local\Temp\3kyel5tn\CSC745E6DEB450A4463B0673C4DC423CEC8.TMP
-
\??\c:\Users\Admin\AppData\Local\Temp\42vu2osh\42vu2osh.0.cs
-
\??\c:\Users\Admin\AppData\Local\Temp\42vu2osh\42vu2osh.cmdline
-
\??\c:\Users\Admin\AppData\Local\Temp\42vu2osh\CSC931B207E12564399AEF92E35A28DAFB6.TMP
-
\??\c:\Users\Admin\AppData\Local\Temp\fknef3hu\CSCBD7A492558E949639EB96A093F6864.TMP
-
\??\c:\Users\Admin\AppData\Local\Temp\fknef3hu\fknef3hu.0.cs
-
\??\c:\Users\Admin\AppData\Local\Temp\fknef3hu\fknef3hu.cmdline
-
\??\c:\Users\Admin\AppData\Local\Temp\n5jrnkah\CSCE7C3AD1F9C4A44F49AF926D1327D163.TMP
-
\??\c:\Users\Admin\AppData\Local\Temp\n5jrnkah\n5jrnkah.0.cs
-
\??\c:\Users\Admin\AppData\Local\Temp\n5jrnkah\n5jrnkah.cmdline
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
\Users\Admin\AppData\Local\Temp\IXP000.TMP\LcbtqmFeKOyIlbQtma5.exe
-
memory/1432-38-0x0000000002130000-0x0000000002141000-memory.dmpFilesize
68KB
-
memory/1432-41-0x0000000002930000-0x0000000002941000-memory.dmpFilesize
68KB
-
memory/2028-16-0x0000000000400000-0x000000000044E000-memory.dmpFilesize
312KB
-
memory/2028-17-0x0000000000400000-0x000000000044E000-memory.dmpFilesize
312KB
-
memory/2028-18-0x0000000000400000-0x000000000044E000-memory.dmpFilesize
312KB