Analysis
- max time kernel: 75s
- max time network: 74s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 03-05-2021 05:40
Static task: static1
Behavioral task: behavioral1
- Sample: Shipment Document BL,INV and packing list.jpg.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Shipment Document BL,INV and packing list.jpg.exe
- Resource: win10v20210410
General
- Target: Shipment Document BL,INV and packing list.jpg.exe
- Size: 644KB
- MD5: a1d72771e8c5bfb81ce86c19bb31b79e
- SHA1: c03b133bfeb72c764fd4fb33f50f4c7c87d25908
- SHA256: cb5d45a2aff741e92a19428d7b5c5dbec63183e42035b190d732c3dd7d75918a
- SHA512: 1fcb69604200a38304b2802cff6e50695db62696004b8f3718f94855ebe4a46dbf3ee9113862b325894962b44e6885409bace5a2fe1cd16b73a72b25db6abad5
Malware Config
Signatures
- Obfuscated with Agile.Net obfuscator (1 IoC)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  Processes:
  resource: behavioral1/memory/1888-64-0x00000000009F0000-0x0000000000A11000-memory.dmp; yara_rule: agile_net
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes:
  pid: 1888; process: Shipment Document BL,INV and packing list.jpg.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description: Token: SeDebugPrivilege; pid: 1888; process: Shipment Document BL,INV and packing list.jpg.exe
Downloads
- memory/1888-60-0x0000000001000000-0x0000000001001000-memory.dmp (Filesize: 4KB)
- memory/1888-62-0x0000000004B30000-0x0000000004B31000-memory.dmp (Filesize: 4KB)
- memory/1888-64-0x00000000009F0000-0x0000000000A11000-memory.dmp (Filesize: 132KB)
- memory/1888-65-0x0000000004B31000-0x0000000004B32000-memory.dmp (Filesize: 4KB)