9e393967e94c1f667955493b1b23f0b74c732a46c4eaa04d6e13a51c33a17ab9

General

Target

Purchase Order-10764.exe
Size

778KB
MD5

e215c8ce14ee4aaef36fff8d642d65f2
SHA1

51ac31f69e5b45e738ed6d38539c228693ac4ce7
SHA256

9e393967e94c1f667955493b1b23f0b74c732a46c4eaa04d6e13a51c33a17ab9
SHA512

12eb4ab62431fe882651d178ef8288f9f934a30af602177eebd54f2f94f2d3cfacf03488fc7ac9975f7c65e58ee9f502c347f84b9372e05ce68c71d91c0f4090

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Purchase Order-10764.exe

pid process

360 Purchase Order-10764.exe
360 Purchase Order-10764.exe
360 Purchase Order-10764.exe
360 Purchase Order-10764.exe
360 Purchase Order-10764.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Purchase Order-10764.exe

description pid process

Token: SeDebugPrivilege 360 Purchase Order-10764.exe

pid	process
360	Purchase Order-10764.exe
360	Purchase Order-10764.exe
360	Purchase Order-10764.exe
360	Purchase Order-10764.exe
360	Purchase Order-10764.exe

description	pid	process
Token: SeDebugPrivilege	360	Purchase Order-10764.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Purchase Order-10764.exe

description	pid	process	target process
PID 360 wrote to memory of 1664	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1664	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1664	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1664	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1688	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1688	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1688	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1688	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1548	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1548	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1548	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1548	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1668	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1668	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1668	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1668	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1580	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1580	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1580	360	Purchase Order-10764.exe	Purchase Order-10764.exe
PID 360 wrote to memory of 1580	360	Purchase Order-10764.exe	Purchase Order-10764.exe

C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe
"C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:360
- C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe"
  2⤵
  PID:1664
- C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe"
  2⤵
  PID:1688
- C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe"
  2⤵
  PID:1548
- C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe"
  2⤵
  PID:1668
- C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order-10764.exe"
  2⤵
  PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/360-59-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/360-61-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/360-62-0x00000000004C0000-0x00000000004C4000-memory.dmp

Filesize
16KB

Download
memory/360-63-0x0000000005710000-0x0000000005790000-memory.dmp

Filesize
512KB

Download
memory/360-64-0x0000000002040000-0x0000000002079000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads