77edc9558f41f26d6b1586ca2fea51861a67de17a50f9494090070285e1f0c43

General

Target

Order Inquiry List.exe
Size

1.1MB
MD5

5a82e2c1d04b28f1d1c7861b231ccfce
SHA1

39adba5bb7a9585d50993a6264f05aecafcd0a92
SHA256

77edc9558f41f26d6b1586ca2fea51861a67de17a50f9494090070285e1f0c43
SHA512

b32280588cbb9e128ba84c800252edca5736c714ff90d9f710ab684537621c99e63c2e4fe41f36c3313098f20d710661b483bdfbd5e35dbc4410d4bcc339f1ba

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Order Inquiry List.exe

pid process

1400 Order Inquiry List.exe
1400 Order Inquiry List.exe
1400 Order Inquiry List.exe
1400 Order Inquiry List.exe
1400 Order Inquiry List.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Order Inquiry List.exe

description pid process

Token: SeDebugPrivilege 1400 Order Inquiry List.exe

pid	process
1400	Order Inquiry List.exe
1400	Order Inquiry List.exe
1400	Order Inquiry List.exe
1400	Order Inquiry List.exe
1400	Order Inquiry List.exe

description	pid	process
Token: SeDebugPrivilege	1400	Order Inquiry List.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Order Inquiry List.exe

description	pid	process	target process
PID 1400 wrote to memory of 1960	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1960	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1960	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1960	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1936	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1936	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1936	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1936	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1916	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1916	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1916	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1916	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1920	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1920	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1920	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1920	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1988	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1988	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1988	1400	Order Inquiry List.exe	Order Inquiry List.exe
PID 1400 wrote to memory of 1988	1400	Order Inquiry List.exe	Order Inquiry List.exe

C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe
"C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1400

C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe
"C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe"
2⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe
"C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe"
2⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe
"C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe"
2⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe
"C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe"
2⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe
"C:\Users\Admin\AppData\Local\Temp\Order Inquiry List.exe"
2⤵
PID:1988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1400-0-0x0000000074560000-0x0000000074C4E000-memory.dmp

Filesize
6.9MB

Download
memory/1400-1-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1400-3-0x00000000002D0000-0x00000000002DB000-memory.dmp

Filesize
44KB

Download
memory/1400-4-0x0000000005580000-0x0000000005670000-memory.dmp

Filesize
960KB

Download
memory/1400-5-0x0000000005810000-0x00000000058D4000-memory.dmp

Filesize
784KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads