Analysis

  • max time kernel
    18s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-01-2021 07:33

General

  • Target

    PO-Scan-Documents00012910993993.exe

  • Size

    177KB

  • MD5

    a2c17f6556ae89a8a1683f889bffc7e9

  • SHA1

    cf2aa59cc8e074dfd3d72b052beef746aba1fe6a

  • SHA256

    4c61692f5b36f6b2b136958c7c315113899a1bdb1cfe7415f37c0acfdaab01a7

  • SHA512

    9f18670e24387969db2fee5cbc9698cfdac86997d1b5ac63e39cf973e0170473440ed3cd0a130ab00b339bf89802b14da425f52bb5c62c651eea0c486a993b37

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO-Scan-Documents00012910993993.exe
    "C:\Users\Admin\AppData\Local\Temp\PO-Scan-Documents00012910993993.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Users\Admin\AppData\Local\Temp\PO-Scan-Documents00012910993993.exe
      "C:\Users\Admin\AppData\Local\Temp\PO-Scan-Documents00012910993993.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:980
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\install.vbs"
        3⤵
          PID:620

    Network

    MITRE ATT&CK Enterprise v6
