Overview

overview

7

Static

static

DHL Expres...11.exe

windows7_x64

7

DHL Expres...11.exe

windows10_x64

7

Analysis

  • max time kernel
    23s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    03-05-2021 05:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DHL Express shipment waybill number 8318869311.exe

  • Size

    657KB

  • MD5

    6cff6009b60518027e644a36dffcb4f8

  • SHA1

    cd3d592fdf7fe3e2341a48ceb1b79ed330cb3e98

  • SHA256

    256864d01e10f13f207b94efadddd3687aaa7f2a1ab29c8e9fe9a8ae8f524e1f

  • SHA512

    7c11f916bc83af23ebb7aa03045b60b5fa0539e8edf7bf98f6c5c592ed4c36ea4ca751024182dfc7be337d78e21ce207389fb75fd05cf4f34ad6d1c5284859b9

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DHL Express shipment waybill number 8318869311.exe
    "C:\Users\Admin\AppData\Local\Temp\DHL Express shipment waybill number 8318869311.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4016-114-0x0000000000430000-0x0000000000431000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-116-0x00000000052B0000-0x00000000052B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-117-0x0000000004DB0000-0x0000000004DB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-118-0x0000000004E50000-0x0000000004E51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-119-0x0000000004D20000-0x0000000004D21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-120-0x00000000057B0000-0x00000000057B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-121-0x0000000004C70000-0x0000000004D02000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4016-123-0x0000000006510000-0x0000000006531000-memory.dmp
    Filesize

    132KB

    Download
  • memory/4016-124-0x0000000006640000-0x0000000006641000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-125-0x00000000064E0000-0x00000000064E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4016-126-0x0000000004C70000-0x0000000004D02000-memory.dmp
    Filesize

    584KB

    Download