Analysis
- max time kernel: 135s
- max time network: 137s
- platform: windows10_x64
- resource: win10
- submitted: 11-07-2020 06:09
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.bat.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Purchase Order.bat.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
Purchase Order.bat.exe
-
Size
636KB
-
MD5
ace1743de37105aeb5e6cf139a027e5a
-
SHA1
556199c8f60b485e6310a93747f7e16c01fca892
-
SHA256
b48c6ee90905955194c2864cd4ff8618c7df2a301df6740ce9f9065f5cb04fa9
-
SHA512
a73572da43f5c293a22f4a7baad52da8df169fa72567736816d28eb289ea91847419cb5278c6eb9d184d14380e867a30580a487922daacf32a1462242271a708
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
Purchase Order.bat.exe
pid | process
3676 | Purchase Order.bat.exe
3676 | Purchase Order.bat.exe
3676 | Purchase Order.bat.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Purchase Order.bat.exe
description | pid | process | target process
PID 3676 wrote to memory of 3440 | 3676 | Purchase Order.bat.exe | cmd.exe
PID 3676 wrote to memory of 3440 | 3676 | Purchase Order.bat.exe | cmd.exe
PID 3676 wrote to memory of 3440 | 3676 | Purchase Order.bat.exe | cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Purchase Order.bat.exe
"C:\Users\Admin\AppData\Local\Temp\Purchase Order.bat.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3440-2-0x0000000000000000-mapping.dmp