Overview

overview

10

Static

static

PO.2021070...om.exe

windows7_x64

1

PO.2021070...om.exe

windows10_x64

10

Analysis

  • max time kernel
    114s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    07-04-2021 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO.20210704_quick shipment.com.exe

  • Size

    795KB

  • MD5

    8f28453a1e07da3f8e04aa4fdf0f7495

  • SHA1

    ef2d3361edba3da14a33795a27872ccb0c91f54a

  • SHA256

    8ad1ee75b0e6ad7140aed361cc0000ff540f01fc4e63591a64ccbeedc31dcaa8

  • SHA512

    d14e8c5d0790be2917feaf9a001367811b1d4229930f169b47b52f24449da2ea4e0ac718d06f57aaa5d802891f5776e06620a1e53755d88df2fe012a60c443c0

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe
    "C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe
      "C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe"
      2⤵
        PID:436
      • C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe
        "C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe"
        2⤵
          PID:416
        • C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe
          "C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe"
          2⤵
            PID:1160
          • C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe
            "C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe"
            2⤵
              PID:1112
            • C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe
              "C:\Users\Admin\AppData\Local\Temp\PO.20210704_quick shipment.com.exe"
              2⤵
                PID:1468

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1752-2-0x00000000741E0000-0x00000000748CE000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/1752-3-0x00000000003C0000-0x00000000003C1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1752-5-0x0000000004CD0000-0x0000000004CD1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1752-6-0x000000007EF40000-0x000000007EF41000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1752-7-0x0000000001ED0000-0x0000000001ED4000-memory.dmp
              Filesize

              16KB

              Download
            • memory/1752-8-0x0000000005240000-0x00000000052E8000-memory.dmp
              Filesize

              672KB

              Download
            • memory/1752-9-0x00000000059C0000-0x0000000005A23000-memory.dmp
              Filesize

              396KB

              Download