Analysis
Max time kernel: 134s
Max time network: 137s
Platform: windows10_x64
Resource: win10
Submitted: 10-07-2020 07:41
Static task: static1

Behavioral task: behavioral1
  Sample: Payment_details.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: Payment_details.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: Payment_details.exe
Size: 1.5MB
MD5: c0418cf3c3252f74c1fb01e273c1fb12
SHA1: 0dda517deda93a3fd0657284857d001ad8572d43
SHA256: 90d5792fd0a2ab859f120bef8f12a28c8f7e4119a43054c22db57e76c7b386a0
SHA512: 4f4ef54cc3380234330c8962cc97913782dac7bd948e50a32501c84d493ff923796ac1822b6e5ba0465f0903f4d221af0fb9bf92595165df78f68937158cd1bc
Score: 6/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                      | pid | process             | target process
  PID 792 wrote to memory of 3000  | 792 | Payment_details.exe | ieinstal.exe
  PID 792 wrote to memory of 3000  | 792 | Payment_details.exe | ieinstal.exe
  PID 792 wrote to memory of 3000  | 792 | Payment_details.exe | ieinstal.exe
- Adds Run entry to start application (2 TTPs, 1 IoC)
  Processes:
  description     | ioc                                                                                                                                          | process
  Set value (str) | \REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Gkrr = "C:\\Users\\Admin\\AppData\\Local\\Gkrr\\Gkrr.hta" | Payment_details.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Processes
1. C:\Users\Admin\AppData\Local\Temp\Payment_details.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Payment_details.exe"
   PID: 792
   - Suspicious use of WriteProcessMemory
   - Adds Run entry to start application
   2. C:\Program Files (x86)\internet explorer\ieinstal.exe
      Command line: "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      PID: 3000