eeb031ac5970b9792deb66aab1245c7b2dc682d72942d43c335a849d75c224f3

General

Target

Shipping Invoice.exe
Size

853KB
MD5

2a6aa0a5026ba0cb75c6a6c475b58da4
SHA1

01f3140e506a6b11bf9bd52bd3c49a8883d60690
SHA256

5f4e2a1354cd895b7deccd1e0e702bff02eee8aee5a388f98526b6e203ea131b
SHA512

e1a6530ddc0b8bb436d0104dc0b6c08f58ac20d1fa6029e1c2fcca5ed1fbfc34a49368412a609237f6180f2f4edd404d91b482d70cef3c71d321fb5601de3988

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

Shipping Invoice.exe

pid	process
1688	Shipping Invoice.exe
1688	Shipping Invoice.exe
1688	Shipping Invoice.exe
1688	Shipping Invoice.exe
1688	Shipping Invoice.exe
1688	Shipping Invoice.exe
1688	Shipping Invoice.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Shipping Invoice.exe

description pid process

Token: SeDebugPrivilege 1688 Shipping Invoice.exe

description	pid	process
Token: SeDebugPrivilege	1688	Shipping Invoice.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Shipping Invoice.exe

description	pid	process	target process
PID 1688 wrote to memory of 1552	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 1552	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 1552	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 1552	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 972	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 972	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 972	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 972	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 368	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 368	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 368	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 368	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 572	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 572	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 572	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 572	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 984	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 984	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 984	1688	Shipping Invoice.exe	Shipping Invoice.exe
PID 1688 wrote to memory of 984	1688	Shipping Invoice.exe	Shipping Invoice.exe

C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe"
2⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe"
2⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe"
2⤵
PID:368

C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe"
2⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Shipping Invoice.exe"
2⤵
PID:984

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1688-60-0x0000000075011000-0x0000000075013000-memory.dmp

Filesize
8KB

Download
memory/1688-61-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/1688-62-0x0000000000531000-0x0000000000532000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads