9add2a18d24644570fc7a754eb3e72052ada8d540bd23be205eb501bf3f02a31

Analysis

max time kernel
130s
max time network
137s
platform
windows7_x64
resource
win7
submitted
30-06-2020 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Order purchase list.exe
Size

402KB
MD5

4a772b183e9988be868319c441faf55e
SHA1

b908a4ca5925548e62d8bbf194de7ca0b47d62e7
SHA256

9add2a18d24644570fc7a754eb3e72052ada8d540bd23be205eb501bf3f02a31
SHA512

4e2183ff85adcd407fd5f411f4d1e1f74c51b3034223533094e4b6279e710f961e91e0e7be528441dc771df334b84f8c2a4520823e647e84c62e219b914b0f7f

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Order purchase list.exe

pid process

608 Order purchase list.exe
608 Order purchase list.exe
608 Order purchase list.exe
608 Order purchase list.exe
608 Order purchase list.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Order purchase list.exe

description pid process

Token: SeDebugPrivilege 608 Order purchase list.exe

pid	process
608	Order purchase list.exe
608	Order purchase list.exe
608	Order purchase list.exe
608	Order purchase list.exe
608	Order purchase list.exe

description	pid	process
Token: SeDebugPrivilege	608	Order purchase list.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Order purchase list.exe

description	pid	process	target process
PID 608 wrote to memory of 1508	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 1508	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 1508	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 1508	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 1600	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 1600	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 1600	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 1600	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 452	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 452	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 452	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 452	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 876	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 876	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 876	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 876	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 340	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 340	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 340	608	Order purchase list.exe	Order purchase list.exe
PID 608 wrote to memory of 340	608	Order purchase list.exe	Order purchase list.exe

C:\Users\Admin\AppData\Local\Temp\Order purchase list.exe
"C:\Users\Admin\AppData\Local\Temp\Order purchase list.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:608

C:\Users\Admin\AppData\Local\Temp\Order purchase list.exe
"{path}"
2⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Order purchase list.exe
"{path}"
2⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Order purchase list.exe
"{path}"
2⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\Order purchase list.exe
"{path}"
2⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Order purchase list.exe
"{path}"
2⤵
PID:340

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads