Analysis

  • max time kernel
    75s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    03-05-2021 05:40

General

  • Target

    Shipment Document BL,INV and packing list.jpg.exe

  • Size

    644KB

  • MD5

    a1d72771e8c5bfb81ce86c19bb31b79e

  • SHA1

    c03b133bfeb72c764fd4fb33f50f4c7c87d25908

  • SHA256

    cb5d45a2aff741e92a19428d7b5c5dbec63183e42035b190d732c3dd7d75918a

  • SHA512

    1fcb69604200a38304b2802cff6e50695db62696004b8f3718f94855ebe4a46dbf3ee9113862b325894962b44e6885409bace5a2fe1cd16b73a72b25db6abad5

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Shipment Document BL,INV and packing list.jpg.exe
    "C:\Users\Admin\AppData\Local\Temp\Shipment Document BL,INV and packing list.jpg.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1888

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1888-60-0x0000000001000000-0x0000000001001000-memory.dmp
    Filesize

    4KB

  • memory/1888-62-0x0000000004B30000-0x0000000004B31000-memory.dmp
    Filesize

    4KB

  • memory/1888-64-0x00000000009F0000-0x0000000000A11000-memory.dmp
    Filesize

    132KB

  • memory/1888-65-0x0000000004B31000-0x0000000004B32000-memory.dmp
    Filesize

    4KB