c0e957bd685417a90c9a53b926e2492a627b247357648d2a3857c6ce61630e20 | Triage

Analysis

max time kernel
126s
max time network
149s
platform
windows10_x64
resource
win10v200430
submitted
24-06-2020 15:05

Sharing

Report Analysis Logs

General

Target

2 Proforma Invoice INV7634543.PDF.exe
Size

1.2MB
MD5

3912647fddb49a822606a8f1f043c644
SHA1

c613bfb23a813d761785d4c9a22c83f8a4182898
SHA256

c0e957bd685417a90c9a53b926e2492a627b247357648d2a3857c6ce61630e20
SHA512

197a514a8a1665110e53e0d51b93a21850a787d72731953b8cd6068f4de0bd1180cbee4b5d682e62c4244cb2152e959305b52cd5f126b8649bdd97f45dcfd74e

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

2 Proforma Invoice INV7634543.PDF.exe

pid	process
1612	2 Proforma Invoice INV7634543.PDF.exe
1612	2 Proforma Invoice INV7634543.PDF.exe
1612	2 Proforma Invoice INV7634543.PDF.exe
1612	2 Proforma Invoice INV7634543.PDF.exe

Suspicious use of SendNotifyMessage 4 IoCs

Processes:

2 Proforma Invoice INV7634543.PDF.exe

pid	process
1612	2 Proforma Invoice INV7634543.PDF.exe
1612	2 Proforma Invoice INV7634543.PDF.exe
1612	2 Proforma Invoice INV7634543.PDF.exe
1612	2 Proforma Invoice INV7634543.PDF.exe

C:\Users\Admin\AppData\Local\Temp\2 Proforma Invoice INV7634543.PDF.exe
"C:\Users\Admin\AppData\Local\Temp\2 Proforma Invoice INV7634543.PDF.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...