20e1f222ebae73bc71db60552d3733124fc5a2ce835ca2dde406c34217e6a061

Analysis

max time kernel
153s
max time network
41s
platform
windows7_x64
resource
win7v200722
submitted
31-07-2020 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PAYMENT ADVICE.pdf.exe
Size

394KB
MD5

1275d29213c2580894371739beb16148
SHA1

5591bfdbad8f70d177b2889f0242d858fafc7750
SHA256

20e1f222ebae73bc71db60552d3733124fc5a2ce835ca2dde406c34217e6a061
SHA512

341ca5b3cc511f01abbc671d973c83e3673ad1dd605b70771182b0c894d1979fb73259fec99e95d24205be87e1fb0ecd77bf1d3b9cfacd378ff794fe69c39280

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

PAYMENT ADVICE.pdf.exe

pid	process
1060	PAYMENT ADVICE.pdf.exe
1060	PAYMENT ADVICE.pdf.exe
1060	PAYMENT ADVICE.pdf.exe
1060	PAYMENT ADVICE.pdf.exe
1060	PAYMENT ADVICE.pdf.exe
1060	PAYMENT ADVICE.pdf.exe
1060	PAYMENT ADVICE.pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

PAYMENT ADVICE.pdf.exe

description	pid	process	target process
PID 1060 wrote to memory of 1832	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1832	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1832	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1832	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1848	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1848	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1848	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1848	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1840	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1840	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1840	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1840	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1744	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1744	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1744	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1744	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1852	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1852	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1852	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe
PID 1060 wrote to memory of 1852	1060	PAYMENT ADVICE.pdf.exe	PAYMENT ADVICE.pdf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PAYMENT ADVICE.pdf.exe

description pid process

Token: SeDebugPrivilege 1060 PAYMENT ADVICE.pdf.exe

description	pid	process
Token: SeDebugPrivilege	1060	PAYMENT ADVICE.pdf.exe

C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
PID:1060

C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe
"{path}"
2⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe
"{path}"
2⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe
"{path}"
2⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe
"{path}"
2⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\PAYMENT ADVICE.pdf.exe
"{path}"
2⤵
PID:1852

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1060-1-0x0000000000000000-0x0000000000000000-disk.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads