Resubmissions

03-06-2020 12:03

200603-9912c6qzfj 10

27-05-2020 16:08

200527-ebn7m547vs 10

08-05-2020 16:03

200508-9x7fd97kre 10

Analysis

  • max time kernel
    137s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    03-06-2020 12:03

General

  • Target

    PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe

  • Size

    781KB

  • MD5

    f31581564b5bbc14d3c862c2be157a52

  • SHA1

    64e62fe3198a16cb205acd31400af967ad3dd347

  • SHA256

    7c0f66eed3a2fc7c90ab5db03483aada693894a77a1480e22521ccf422a08ba3

  • SHA512

    ded28a91894313cbdd5678ec191c1e138d524ce3785ca96a255b2bc09cf5f18b8d287a48cf6b754d658f5ab70d95f933899208dc54c21f6b113a0e87200f3f1a

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
    "C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
      "{path}"
      2⤵
        PID:1616
      • C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
        "{path}"
        2⤵
          PID:1568
        • C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
          "{path}"
          2⤵
            PID:1564
          • C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
            "{path}"
            2⤵
              PID:1544
            • C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
              "{path}"
              2⤵
                PID:1584

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads