ce97e49dca586f267017b8d8778e65e58ca39162d738f696704ce287ad502d9b | Triage

Analysis

max time kernel
14s
max time network
104s
platform
windows10_x64
resource
win10v20201028
submitted
18-01-2021 18:29

Sharing

Report Analysis Logs

General

Target

INVOICE-PDF- SCAN COPY.exe
Size

1.5MB
MD5

e6a1db28e3fa9241f8a37fc24a6bd0e7
SHA1

7c3c1c035d5022f035928fba257af94fe4ad81c6
SHA256

ce97e49dca586f267017b8d8778e65e58ca39162d738f696704ce287ad502d9b
SHA512

b3faf1f325fa73d685ce8a44f48d886198c2a07c12aa11c77d017c5f078fa8806f7fd944777dc5a017cdddda356b32c62a2d5a9c7d2df03d6d17c8a55bc03c01

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

Processes:

INVOICE-PDF- SCAN COPY.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.url	INVOICE-PDF- SCAN COPY.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

INVOICE-PDF- SCAN COPY.exe

pid process

1144 INVOICE-PDF- SCAN COPY.exe
1144 INVOICE-PDF- SCAN COPY.exe
1144 INVOICE-PDF- SCAN COPY.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

INVOICE-PDF- SCAN COPY.exe

pid process

1144 INVOICE-PDF- SCAN COPY.exe
1144 INVOICE-PDF- SCAN COPY.exe
1144 INVOICE-PDF- SCAN COPY.exe

C:\Users\Admin\AppData\Local\Temp\INVOICE-PDF- SCAN COPY.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-PDF- SCAN COPY.exe"
1⤵
- Drops startup file
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1144

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-2-0x0000000000FD0000-0x0000000000FF1000-memory.dmp

Filesize
132KB

Download
memory/1144-3-0x0000000001000000-0x0000000001003000-memory.dmp

Filesize
12KB

Download