Analysis
- max time kernel: 75s
- max time network: 123s
- platform: windows10_x64
- resource: win10
- submitted: 09-07-2020 13:36
Static task
static1
Behavioral task
behavioral1
Sample
TNT INVOICE AND PACKING LIST_1.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
TNT INVOICE AND PACKING LIST_1.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
- Target: TNT INVOICE AND PACKING LIST_1.exe
- Size: 1.5MB
- MD5: fff945c817bc37dfc7d9da5129f10d7c
- SHA1: 4a31e2c8b5362300f8a0f77523c313954b89d7ba
- SHA256: ab261adafcaa48f8a9472a46e105f3a1a89f6b0291555e14448e445e058b9cc6
- SHA512: afd3cf1189b5e6e6a152b1c7ca1e29008cdd014499fba88041824051c2e0106c80d665daa0af559d8f35219a303b4094a537acdfca5ce4dba0e3d00b127a296e
Score
6/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 587 IoCs
Processes:
TNT INVOICE AND PACKING LIST_1.exe
description: PID 3904 wrote to memory of 3920
pid: 3904
process: TNT INVOICE AND PACKING LIST_1.exe
target process: ieinstal.exe
-
Adds Run entry to start application 2 TTPs 1 IoCs
Processes:
TNT INVOICE AND PACKING LIST_1.exe
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Lssq = "C:\\Users\\Admin\\AppData\\Local\\Lssq\\Lssq.hta"
process: TNT INVOICE AND PACKING LIST_1.exe
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
Processes
- "C:\Users\Admin\AppData\Local\Temp\TNT INVOICE AND PACKING LIST_1.exe" (PID: 3904)
  - Suspicious use of WriteProcessMemory
  - Adds Run entry to start application
  - "C:\Program Files (x86)\internet explorer\ieinstal.exe" (PID: 3920)