Overview

overview

8

Static

static

New FedEx ...ew.exe

windows7_x64

8

New FedEx ...ew.exe

windows10_x64

8

Analysis

  • max time kernel
    139s
  • max time network
    106s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New FedEx paper work review.exe

  • Size

    792KB

  • MD5

    c359c954a7d104b0a1bde867f86e73a5

  • SHA1

    e647c8aa88a7209463b0dd0daa733759a529806d

  • SHA256

    306602e7317841b219d25b24ca14f9e50987fe9c9e48b3728bb548dea4557f9d

  • SHA512

    8f48d07be0342db4a946b5c74598eb5dbe565bbf0c7ed2a5f6b5ab7b99577f0e8463004f601d0286bcaebf5a673e18e83d9b8f319e5566f28b59e2ebc3a18644

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New FedEx paper work review.exe
    "C:\Users\Admin\AppData\Local\Temp\New FedEx paper work review.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1144
    • C:\Users\Admin\AppData\Local\Temp\New FedEx paper work review.exe
      "C:\Users\Admin\AppData\Local\Temp\New FedEx paper work review.exe"
      2⤵
      • Drops file in Drivers directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New FedEx paper work review.exe.log
    MD5

    90acfd72f14a512712b1a7380c0faf60

    SHA1

    40ba4accb8faa75887e84fb8e38d598dc8cf0f12

    SHA256

    20806822f0c130b340504132c1461b589261fbbc518e468f4f90733ab514cb86

    SHA512

    29dbf85e14e60868574cb4dc9bda83d3c229fb956733d8d2557f2475ee0e690ac9c2e72f31e02284996da6906ba2dbfa382a29b04c15a2406571d8ee19ad16b9

    Download Submit
  • memory/1144-9-0x0000000004ED0000-0x0000000004ED1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1144-11-0x0000000005AC0000-0x0000000005B35000-memory.dmp
    Filesize

    468KB

    Download
  • memory/1144-6-0x00000000051C0000-0x00000000051C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1144-7-0x0000000004D60000-0x0000000004D61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1144-8-0x0000000004BE0000-0x0000000004BE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1144-2-0x0000000073A80000-0x000000007416E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1144-10-0x0000000004D40000-0x0000000004D52000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1144-5-0x0000000004C20000-0x0000000004C21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1144-3-0x0000000000310000-0x0000000000311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-13-0x000000000043772E-mapping.dmp
    Download
  • memory/2688-12-0x0000000000400000-0x000000000043C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/2688-15-0x0000000073A80000-0x000000007416E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2688-20-0x0000000005CC0000-0x0000000005CC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2688-21-0x0000000006570000-0x0000000006571000-memory.dmp
    Filesize

    4KB

    Download