bc5f360a2a8da9462d0509aab3b46b3fda11bc6b94a3bda8e5aa7be625aa08a9

General

Target

Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
Size

667KB
MD5

d3369a2c24a7af7468ed5ae72bf66b96
SHA1

3001c674481ee2780bc52ba30621e45646759745
SHA256

bc5f360a2a8da9462d0509aab3b46b3fda11bc6b94a3bda8e5aa7be625aa08a9
SHA512

8b709a04c72c0fa507695bf086e00530e67d12f6cf90311e56494d93a1f4f8eca1c307f72dd1384256f327ce3dfc4bfcf4e4968ad77a7396006f0df92e1a7594

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
484	schtasks.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 484	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	69
PID 3780 wrote to memory of 484	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	69
PID 3780 wrote to memory of 2660	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	71
PID 3780 wrote to memory of 2660	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	71
PID 3780 wrote to memory of 2236	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	72
PID 3780 wrote to memory of 2236	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	72
PID 3780 wrote to memory of 2240	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	73
PID 3780 wrote to memory of 2240	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	73
PID 3780 wrote to memory of 3104	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	74
PID 3780 wrote to memory of 3104	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	74
PID 3780 wrote to memory of 3608	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	75
PID 3780 wrote to memory of 3608	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe	75

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3780	Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe

C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
"C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
PID:3780
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\LxPToXCo" /XML "C:\Users\Admin\AppData\Local\Temp\tmpDC80.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:484
- C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
  "{path}"
  2⤵
  PID:2660
- C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
  "{path}"
  2⤵
  PID:2236
- C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
  "{path}"
  2⤵
  PID:2240
- C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
  "{path}"
  2⤵
  PID:3104
- C:\Users\Admin\AppData\Local\Temp\Maersk-Update 92 on the impact of COVID-19-India Nepal and Bhutan- MSL - Update 92.exe
  "{path}"
  2⤵
  PID:3608