f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9 | Triage

Analysis

max time kernel
39s
max time network
52s
platform
windows7_x64
resource
win7v200430
submitted
30-06-2020 05:25

Sharing

Report Analysis Logs

General

Target

Consignment Details.exe
Size

272KB
MD5

45f737c6d7e5c4f0875fde62b51f1662
SHA1

cdd82088b560caa55e17dd4714a5ffc394ec0db9
SHA256

f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9
SHA512

168a3d7831a1543df92d7bb686ea7587e49d182be180c9bc329e65e8df2227c7da6a4a0ef6e9052ec8a05975356fd167a1340122cc936ba23a59688eb013ad0a

Score

5^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Consignment Details.exe

description pid process

Token: SeDebugPrivilege 1388 Consignment Details.exe
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

Consignment Details.exe

pid process

1388 Consignment Details.exe
1388 Consignment Details.exe
1388 Consignment Details.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

Consignment Details.exe

description	pid	process	target process
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe
PID 1388 wrote to memory of 784	1388	Consignment Details.exe	Consignment Details.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

Consignment Details.exe

description pid process target process

PID 1388 set thread context of 784 1388 Consignment Details.exe Consignment Details.exe

C:\Users\Admin\AppData\Local\Temp\Consignment Details.exe
"C:\Users\Admin\AppData\Local\Temp\Consignment Details.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:1388

C:\Users\Admin\AppData\Local\Temp\Consignment Details.exe
"C:\Users\Admin\AppData\Local\Temp\Consignment Details.exe"
2⤵
PID:784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/784-4-0x00000000004139DE-mapping.dmp

Download
memory/1388-1-0x0000000000000000-0x0000000000000000-disk.dmp

Download