Analysis
-
max time kernel
148s -
max time network
41s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
07-07-2020 12:44
General
-
Target
New Order no.83.exe
-
Size
524KB
-
MD5
f56fd625a6f5432271de65d3874af2e0
-
SHA1
aed3bc9c6d6f6e805eba4730c1ebd96cc28a117e
-
SHA256
6ed74e9cef6afae8b19f79eb97ba9acb97de44a6cf3ddf5e247b43e317f65ef8
-
SHA512
838e457766ebf38b212db8383ceb653a4ce628cf9f357cd05ab1d3383069660e0c43f32d631b091e1e2c7c15e677f2f764826ad3b56d33a9a52c4b635ad5c5de
Score
7/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
Processes
-
C:\Users\Admin\AppData\Local\Temp\New Order no.83.exe"C:\Users\Admin\AppData\Local\Temp\New Order no.83.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses