Analysis
-
max time kernel
133s -
max time network
136s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
03-05-2021 05:40
General
-
Target
Shipment Document BL,INV and packing list.jpg.exe
-
Size
644KB
-
MD5
a1d72771e8c5bfb81ce86c19bb31b79e
-
SHA1
c03b133bfeb72c764fd4fb33f50f4c7c87d25908
-
SHA256
cb5d45a2aff741e92a19428d7b5c5dbec63183e42035b190d732c3dd7d75918a
-
SHA512
1fcb69604200a38304b2802cff6e50695db62696004b8f3718f94855ebe4a46dbf3ee9113862b325894962b44e6885409bace5a2fe1cd16b73a72b25db6abad5
Score
7/10
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Shipment Document BL,INV and packing list.jpg.exe"C:\Users\Admin\AppData\Local\Temp\Shipment Document BL,INV and packing list.jpg.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3944-114-0x0000000000580000-0x0000000000581000-memory.dmpFilesize
4KB
-
memory/3944-116-0x0000000004F70000-0x0000000004F71000-memory.dmpFilesize
4KB
-
memory/3944-117-0x0000000005590000-0x0000000005591000-memory.dmpFilesize
4KB
-
memory/3944-118-0x0000000005130000-0x0000000005131000-memory.dmpFilesize
4KB
-
memory/3944-119-0x00000000051D0000-0x00000000051D1000-memory.dmpFilesize
4KB
-
memory/3944-121-0x0000000005090000-0x000000000558E000-memory.dmpFilesize
5.0MB
-
memory/3944-122-0x0000000006770000-0x0000000006791000-memory.dmpFilesize
132KB
-
memory/3944-123-0x0000000006840000-0x0000000006841000-memory.dmpFilesize
4KB
-
memory/3944-124-0x0000000006740000-0x0000000006741000-memory.dmpFilesize
4KB
-
memory/3944-125-0x0000000005090000-0x000000000558E000-memory.dmpFilesize
5.0MB