Analysis
max time kernel: 108s
max time network: 113s
platform: windows10_x64
resource: win10v200217
submitted: 29-03-2020 21:47
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE AND PACKING LIST PDF.exe
Resource
win7v200217
windows7_x64
0 signatures
0 seconds
General
Target: INVOICE AND PACKING LIST PDF.exe
Size: 824KB
MD5: 51a4abeb33785f07ea531248035bf602
SHA1: 671cbb4a7341d7ca9138c87f22c517b8a54c126f
SHA256: 13b46d9524b436eb825c317fde69b0710f295ab95ead1e9d5c4babe39d9287f8
SHA512: fb6d606492aec3e5ba74c804627a856a10b01b815f65cdcf2b439253b88263d5c0f172a8a173079d3306d4625a73105d25243024ae1c2e63ca7df08aefb70880
Malware Config
Signatures
Drops startup file 1 IoCs
Processes:
INVOICE AND PACKING LIST PDF.exe
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paint.lnk
process: INVOICE AND PACKING LIST PDF.exe
Drops file in Program Files directory 460 IoCs
Drops file in Windows directory 1 IoCs
Processes:
INVOICE AND PACKING LIST PDF.exe
description: File opened for modification
ioc: C:\Windows\bfsvc.exe
process: INVOICE AND PACKING LIST PDF.exe
Processes:
INVOICE AND PACKING LIST PDF.exe
description: File opened for modification
ioc: C:\autorun.inf
process: INVOICE AND PACKING LIST PDF.exe