Overview

overview

10

Static

static

SOA_IN_APR...DF.exe

windows7_x64

6

SOA_IN_APR...DF.exe

windows10_x64

10

Analysis

  • max time kernel
    123s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    10-05-2021 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SOA_IN_APRIL_2021._CARGO.CHINA_PDF.exe

  • Size

    721KB

  • MD5

    c110b7d722e09fb92c3c5bb96a606ac5

  • SHA1

    25d1851b878f22bc4b8fd27909a24b56a49cb669

  • SHA256

    40dc655d06780c3f628f6ec2c3848d797c8ba88dcc50e3397e4e464ec12aaade

  • SHA512

    9bad63aab7af6ef2201545fbb886ec45c3c53b3febeb28c38ba3e78cbafbc9bdfa6edfe1752d30d2917d233cb0e2e97ac54139d38d153b5aa9f415faaaced4ca

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SOA_IN_APRIL_2021._CARGO.CHINA_PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\SOA_IN_APRIL_2021._CARGO.CHINA_PDF.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\SysWOW64\dialer.exe
      C:\Windows\System32\dialer.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:292
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 148
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:788

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/292-60-0x0000000000000000-mapping.dmp
    Download
  • memory/292-61-0x00000000753B1000-0x00000000753B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/292-63-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize

    4KB

    Download
  • memory/292-65-0x00000000002D0000-0x00000000002D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/292-67-0x0000000000100000-0x0000000000101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/292-66-0x0000000010590000-0x000000001060B000-memory.dmp
    Filesize

    492KB

    Download
  • memory/788-62-0x0000000000000000-mapping.dmp
    Download
  • memory/788-68-0x0000000001D10000-0x0000000001D11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1100-59-0x00000000003A0000-0x00000000003A1000-memory.dmp
    Filesize

    4KB

    Download