Analysis
-
max time kernel
11s
-
max time network
13s
-
platform
windows7_x64
-
resource
win7v20210410
-
submitted
03-05-2021 05:40
Static task
static1
Behavioral task
behavioral1
Sample
DHL Express shipment waybill number 8318869311.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
DHL Express shipment waybill number 8318869311.exe
Resource
win10v20210408
General
-
Target
DHL Express shipment waybill number 8318869311.exe
-
Size
657KB
-
MD5
6cff6009b60518027e644a36dffcb4f8
-
SHA1
cd3d592fdf7fe3e2341a48ceb1b79ed330cb3e98
-
SHA256
256864d01e10f13f207b94efadddd3687aaa7f2a1ab29c8e9fe9a8ae8f524e1f
-
SHA512
7c11f916bc83af23ebb7aa03045b60b5fa0539e8edf7bf98f6c5c592ed4c36ea4ca751024182dfc7be337d78e21ce207389fb75fd05cf4f34ad6d1c5284859b9
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: behavioral1/memory/752-64-0x0000000000440000-0x0000000000461000-memory.dmp
yara_rule: agile_net
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
DHL Express shipment waybill number 8318869311.exe
pid: 752
process: DHL Express shipment waybill number 8318869311.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
DHL Express shipment waybill number 8318869311.exe
description: Token: SeDebugPrivilege
pid: 752
process: DHL Express shipment waybill number 8318869311.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/752-60-0x0000000000390000-0x0000000000391000-memory.dmp
Filesize
4KB
-
memory/752-62-0x0000000004A60000-0x0000000004A61000-memory.dmp
Filesize
4KB
-
memory/752-64-0x0000000000440000-0x0000000000461000-memory.dmp
Filesize
132KB
-
memory/752-65-0x0000000004A61000-0x0000000004A62000-memory.dmp
Filesize
4KB