5c9b22633bb9c7f20fcd928e0093ac5debd1dabd7f42daa479725b5f2db38e91

Analysis

Target

ORDER06JUL2020.exe
Size

988KB
MD5

d15eff3ce503230404b143cbe4a9d84b
SHA1

d8c57455b66192ca6da4c8402adc870cac30c361
SHA256

5c9b22633bb9c7f20fcd928e0093ac5debd1dabd7f42daa479725b5f2db38e91
SHA512

947c8ffefab661dcd6aeb8cd36cb2a6bfcf45063299162c664e5fee5dffd26da6c81b86774ac6f12abb8cf402947181ca551154a8ac697f1fc667f19d67e07ad

Score

8^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1092	ORDER06JUL2020.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1248	1092	ORDER06JUL2020.exe	24
PID 1092 wrote to memory of 1248	1092	ORDER06JUL2020.exe	24
PID 1092 wrote to memory of 1248	1092	ORDER06JUL2020.exe	24
PID 1092 wrote to memory of 1248	1092	ORDER06JUL2020.exe	24

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1092	ORDER06JUL2020.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1092 set thread context of 1248	1092	ORDER06JUL2020.exe	24

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1248-0-0x0000000000400000-0x000000000051E000-memory.dmp	upx
behavioral1/memory/1248-2-0x0000000000400000-0x000000000051E000-memory.dmp	upx
behavioral1/memory/1248-3-0x0000000000400000-0x000000000051E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe
"C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1092
- C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe
  "C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe"
  2⤵
  PID:1248

memory/1248-0-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1248-2-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1248-3-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/1248-4-0x0000000001E10000-0x0000000001E98000-memory.dmp

Filesize
544KB

Download
memory/1248-5-0x0000000000242000-0x0000000000243000-memory.dmp

Filesize
4KB

Download
memory/1248-6-0x0000000000300000-0x0000000000384000-memory.dmp

Filesize
528KB

Download