Analysis
max time kernel: 4s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 09-11-2020 19:38
Static task: static1

Behavioral task: behavioral1
Sample: 30% Down payment order no. 7887009221 #inr24 ,pdf.exe
Resource: win7v20201028
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 30% Down payment order no. 7887009221 #inr24 ,pdf.exe
Resource: win10v20201028
Platform: windows10_x64
0 signatures
0 seconds
General
Target: 30% Down payment order no. 7887009221 #inr24 ,pdf.exe
Size: 680KB
MD5: b94dd0d4147bcaf3018a44156f85ec22
SHA1: 91df3d3b91c4d85d1b325d7d0ba8a972e1070a9b
SHA256: 7420ad79e1a0649a9732ef3db80460bfd50c2c95237e7c5e12815eed68de236f
SHA512: c80c7b46b142a29f8c1e24c11bfec391d8bb4597a25c9385fad734fa573ebab3d6733cdc3e7ef9de79c024b56a0a9c4f7c53c13d48b7a0ea39fef5e381257cc4
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: 30% Down payment order no. 7887009221 #inr24 ,pdf.exe
pid    process
1912   30% Down payment order no. 7887009221 #inr24 ,pdf.exe
1912   30% Down payment order no. 7887009221 #inr24 ,pdf.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: 30% Down payment order no. 7887009221 #inr24 ,pdf.exe
description               pid    process
Token: SeDebugPrivilege   1912   30% Down payment order no. 7887009221 #inr24 ,pdf.exe
Downloads
memory/1912-0-0x0000000074320000-0x0000000074A0E000-memory.dmp (Filesize: 6.9MB)
memory/1912-1-0x0000000000820000-0x0000000000821000-memory.dmp (Filesize: 4KB)
memory/1912-3-0x0000000002120000-0x000000000217E000-memory.dmp (Filesize: 376KB)
memory/1912-4-0x0000000001E70000-0x0000000001E81000-memory.dmp (Filesize: 68KB)