Overview

overview

10

Static

static

Payment No...at.exe

windows7_x64

10

Payment No...at.exe

windows10_x64

3

Analysis

  • max time kernel
    129s
  • max time network
    93s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    10-07-2020 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payment Note.jpg.bat.exe

  • Size

    3.5MB

  • MD5

    0a58823cf240ad64edd991a378a3190d

  • SHA1

    37f333ef38ec5b0befea8082ee5f915ede76f9a6

  • SHA256

    1676e36eec12118ae10d1f090b6bf269d3f3c3ff771ecb0422231946415b2b13

  • SHA512

    5b0713b9b07f0fb6cd7f26fc154b85cd9ba66a7cc5223d8181e07dc2018addd45dbea243fff155c0d20d20f6013301e0938ffa638974402522d023bcfb650134

Score
3/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payment Note.jpg.bat.exe
    "C:\Users\Admin\AppData\Local\Temp\Payment Note.jpg.bat.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:1636
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 1284
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      • Program crash
      PID:3760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3760-0-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3760-1-0x0000000004AC0000-0x0000000004AC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3760-3-0x0000000005200000-0x0000000005201000-memory.dmp
    Filesize

    4KB

    Download