Overview

overview

10

Static

static

New order.PDF.exe

windows7_x64

1

New order.PDF.exe

windows10_x64

10

Analysis

  • max time kernel
    40s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    25-01-2021 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New order.PDF.exe

  • Size

    873KB

  • MD5

    7c21986ff989bc5d9d26f9a58fc88550

  • SHA1

    02b3027c1467b16ce0ef9fc8dc4b65b3aff72d74

  • SHA256

    606eeab956905f8a7f4ef02f7418e9a6ac4facbd2445fd1e3a1cb00a94113525

  • SHA512

    316e1e62fd3a26200c3d9318946384f081d6b9fe904972375966ffb56ab15d9b2e5251647c74e86f63866ff3765dbe1d31d899a0b750d754a9ca3d521855c9ea

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New order.PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\New order.PDF.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\Users\Admin\AppData\Local\Temp\New order.PDF.exe
      "{path}"
      2⤵
        PID:1452
      • C:\Users\Admin\AppData\Local\Temp\New order.PDF.exe
        "{path}"
        2⤵
          PID:1564
        • C:\Users\Admin\AppData\Local\Temp\New order.PDF.exe
          "{path}"
          2⤵
            PID:596
          • C:\Users\Admin\AppData\Local\Temp\New order.PDF.exe
            "{path}"
            2⤵
              PID:1748
            • C:\Users\Admin\AppData\Local\Temp\New order.PDF.exe
              "{path}"
              2⤵
                PID:340

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1044-2-0x0000000074110000-0x00000000747FE000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/1044-3-0x00000000003A0000-0x00000000003A1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1044-5-0x0000000004DF0000-0x0000000004DF1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1044-6-0x0000000000390000-0x000000000039E000-memory.dmp
              Filesize

              56KB

              Download
            • memory/1044-7-0x0000000005560000-0x00000000055E9000-memory.dmp
              Filesize

              548KB

              Download