Analysis

max time kernel: 105s
max time network: 11s
platform: windows7_x64
resource: win7v20201028
submitted: 28-02-2021 03:30

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: Additional DHL shipment Delivery Parcel.exe
  Resource: win7v20201028 (windows7_x64)
  0 signatures, 0 seconds
General

Target: Additional DHL shipment Delivery Parcel.exe
Size: 510KB
MD5: b2fd9aab2f1597f74abda918ddc52f89
SHA1: acdf16e4c3a8e0428f7cf1934fdcfe0731b2fc28
SHA256: b5ac8902c4d239f5f72366876e99a586d3aaafe45c9a9e098c8ded9a2db7615c
SHA512: 3297c94b09f6845905f621020821c0ae05a95a0c4e96436f57460aeae5786e7be3acf1d159a0b2282636e2d765715d8d4242be80cfa549fa5d301d05baa175ff
Score: 1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid 1832  Additional DHL shipment Delivery Parcel.exe  (5 process-enumeration events)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  pid 1832  Additional DHL shipment Delivery Parcel.exe  Token: SeDebugPrivilege

Suspicious use of WriteProcessMemory (20 IoCs)
  Source: PID 1832  Additional DHL shipment Delivery Parcel.exe
  Target PID   Target process                                 Writes
  1072         Additional DHL shipment Delivery Parcel.exe    4
  1632         Additional DHL shipment Delivery Parcel.exe    4
  1636         Additional DHL shipment Delivery Parcel.exe    4
  396          Additional DHL shipment Delivery Parcel.exe    4
  432          Additional DHL shipment Delivery Parcel.exe    4

All three signatures come from the original process (pid 1832): it enables SeDebugPrivilege, enumerates processes, and then writes four times into each of five child processes that run its own image. None of the children raise a signature of their own. A parent writing into freshly spawned copies of itself is the shape process hollowing of a suspended child has from the outside, but the report extracts no configuration, tags no family, and scores the sample 1/10, so the injected payload is not identified here.
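The signature records above can be turned into a detection over a sandbox report: cross-process writes whose source and target run the same image, combined with the SeDebugPrivilege record for the writing process. The following Python is an added example, not part of the Triage report or its tooling. Its input is constructed from the report's own WriteProcessMemory and AdjustPrivilegeToken tables (one record per line; the page runs them together), the record layout the regexes expect, the `min_children` threshold and every function name are this example's assumptions.

```python
import re
from collections import Counter

# Constructed input, copied from the report's WriteProcessMemory and
# AdjustPrivilegeToken signature tables. The page runs the records together;
# here each "PID ... wrote to memory of ..." record sits on its own line.
IMAGE = "Additional DHL shipment Delivery Parcel.exe"
WRITE_RECORDS = "\n".join(
    f"PID 1832 wrote to memory of {target} 1832 {IMAGE} {IMAGE}"
    for target in (1072,) * 4 + (1632,) * 4 + (1636,) * 4 + (396,) * 4 + (432,) * 4
)
TOKEN_RECORDS = f"Token: SeDebugPrivilege 1832 {IMAGE}"

# Assumed record layout (matches the report's text):
#   "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
# Image names contain spaces, so each image is matched lazily up to its ".exe".
WRITE_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (.+?\.exe) (.+?\.exe)$")
TOKEN_RE = re.compile(r"^Token: (\w+) (\d+) (.+\.exe)$")


def parse_writes(text):
    """Return one (src_pid, dst_pid, src_image, dst_image) tuple per record."""
    writes = []
    for line in text.splitlines():
        m = WRITE_RE.match(line.strip())
        if not m:
            continue
        src, dst, src_again, src_img, dst_img = m.groups()
        if src != src_again:  # the source pid is repeated in the record; mismatch = malformed
            continue
        writes.append((int(src), int(dst), src_img, dst_img))
    return writes


def parse_privileges(text):
    """Return {pid: {privilege, ...}} from AdjustPrivilegeToken records."""
    privs = {}
    for line in text.splitlines():
        m = TOKEN_RE.match(line.strip())
        if m:
            privs.setdefault(int(m.group(2)), set()).add(m.group(1))
    return privs


def self_injection_candidates(writes):
    """Group cross-process writes whose source and target share an image name.

    Returns {src_pid: Counter({dst_pid: write_count})}. Writing into a different
    process that runs the same executable is the outward shape of hollowing a
    suspended copy of oneself; the per-child count is kept because a staged
    write (headers, sections, thread context) shows up as several writes.
    """
    out = {}
    for src, dst, src_img, dst_img in writes:
        if src != dst and src_img == dst_img:
            out.setdefault(src, Counter())[dst] += 1
    return out


def assess(write_text, token_text, min_children=2):
    """Combine both signatures into one verdict per writing process."""
    writes = parse_writes(write_text)
    privs = parse_privileges(token_text)
    verdicts = []
    for src, targets in self_injection_candidates(writes).items():
        verdicts.append({
            "parent": src,
            "children": sorted(targets),
            "writes_per_child": dict(targets),
            "se_debug": "SeDebugPrivilege" in privs.get(src, set()),
            # min_children is a threshold chosen for this example, not a Triage rule
            "suspicious": len(targets) >= min_children,
        })
    return verdicts


if __name__ == "__main__":
    for verdict in assess(WRITE_RECORDS, TOKEN_RECORDS):
        print(verdict)
```

Run against the report's records it yields a single verdict for pid 1832 with five children, four writes each, SeDebugPrivilege held and `suspicious` set. The image-name comparison is the load-bearing check: a parent writing into an unrelated process (a browser, explorer.exe) is a different pattern and would need its own rule.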
Processes
-
[1] C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe
    cmdline: "C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe"
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    -
    [2] C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe
        cmdline: "C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe"
    -
    [2] C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe
        cmdline: "C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe"
    -
    [2] C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe
        cmdline: "C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe"
    -
    [2] C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe
        cmdline: "C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe"
    -
    [2] C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe
        cmdline: "C:\Users\Admin\AppData\Local\Temp\Additional DHL shipment Delivery Parcel.exe"

The five level-2 entries are children of the level-1 process, each with the same image path and command line and no signatures of their own.
Network
MITRE ATT&CK Matrix
Downloads
-
File                                                              Filesize
memory/1832-2-0x0000000073980000-0x000000007406E000-memory.dmp    6.9MB
memory/1832-3-0x0000000000170000-0x0000000000171000-memory.dmp    4KB
memory/1832-5-0x0000000000490000-0x0000000000491000-memory.dmp    4KB
memory/1832-6-0x00000000004D0000-0x00000000004D3000-memory.dmp    12KB
memory/1832-7-0x00000000049B0000-0x0000000004A04000-memory.dmp    336KB

All five dumps are regions of the parent process (pid 1832); no memory from the five child processes it wrote into is included.