Overview

overview

10

Static

static

PO_610.20-...DF.exe

windows7_x64

5

PO_610.20-...DF.exe

windows10_x64

10

Analysis

  • max time kernel
    60s
  • max time network
    60s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    20-01-2021 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO_610.20-21.A2424.UP_PDF.exe

  • Size

    297KB

  • MD5

    3ea0aeab9cc01933b5ba3f78e8ceddb4

  • SHA1

    ecd362b4af516f2855607326ffcf684355ec4762

  • SHA256

    feb7ef6e6c842b97b92c82fdba89499c252cc9414874efc7fafae8389dbf0538

  • SHA512

    455f749c00be8dc2108c60f18efd5217b5eb2bf7414871ad82c50a84419d04934702893e90f95adfbcde89bf677c0d78cb636b86670192179327da2ac13d2170

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO_610.20-21.A2424.UP_PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\PO_610.20-21.A2424.UP_PDF.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Users\Admin\AppData\Local\Temp\PO_610.20-21.A2424.UP_PDF.exe
      "C:\Users\Admin\AppData\Local\Temp\PO_610.20-21.A2424.UP_PDF.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1308
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 36
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1308-2-0x000000000008D070-mapping.dmp

    Download

  • memory/1808-3-0x0000000000000000-mapping.dmp

    Download

  • memory/1808-4-0x0000000001CD0000-0x0000000001CE1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1808-5-0x00000000023F0000-0x0000000002401000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1808-6-0x00000000759F1000-0x00000000759F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1808-7-0x00000000023F0000-0x0000000002401000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1808-8-0x0000000001E50000-0x0000000001E51000-memory.dmp

    Filesize

    4KB

    Download