Overview

overview

10

Static

static

PURCHASE ORDER.exe

windows7_x64

10

PURCHASE ORDER.exe

windows10_x64

3

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    31-07-2020 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PURCHASE ORDER.exe

  • Size

    480KB

  • MD5

    68a39c3c66241675061f8d052c6fe4e7

  • SHA1

    4cf37ba99dd0a55045c2985b37a5fe64ef363120

  • SHA256

    f5bc5555d6b03bad237a916d07e05148d44cae649e932726a15ea1595fa60f4b

  • SHA512

    38318fc371040bdcdc6bd313b57b5e26eb7cec31b62e0d36882cb105cd3d6d7adb2dedc995b257a21589201be4ade904dd7d3b09f5e26d1062767eb97f542d39

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PURCHASE ORDER.exe
    "C:\Users\Admin\AppData\Local\Temp\PURCHASE ORDER.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 1200
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4036-0-0x0000000004970000-0x0000000004971000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4036-1-0x00000000051A0000-0x00000000051A1000-memory.dmp
    Filesize

    4KB

    Download