Analysis
-
max time kernel
94s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
28-05-2021 06:09
General
-
Target
SHIPPING.EXE
-
Size
995KB
-
MD5
f2a682285538e549fdd79b0894845a0d
-
SHA1
bf9f676acacbdda8fd45961d0643cf1490b78a1b
-
SHA256
de0b606e584fe14e4da467b21ceb098a20642c1f7c885ade25675749f50824d4
-
SHA512
faa3082c2dabb314ad7dd1bd56044a8707e236fc09abc76e747ba9decadd988256ffd7c4144941ed2af1036cf8bbf27a490c545613f63ceb5ad88aee6ec4c541
Score
9/10
Malware Config
Signatures
-
Core1 .NET packer 1 IoCs
Detects packer/loader used by .NET malware.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SHIPPING.EXE"C:\Users\Admin\AppData\Local\Temp\SHIPPING.EXE"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4044-114-0x0000000000680000-0x0000000000681000-memory.dmpFilesize
4KB
-
memory/4044-116-0x000000001C5E0000-0x000000001C778000-memory.dmpFilesize
1.6MB
-
memory/4044-117-0x000000001CD50000-0x000000001CD51000-memory.dmpFilesize
4KB
-
memory/4044-118-0x0000000002E20000-0x0000000002E22000-memory.dmpFilesize
8KB
-
memory/4044-119-0x000000001CB80000-0x000000001CCB2000-memory.dmpFilesize
1.2MB
-
memory/4044-120-0x0000000002E30000-0x0000000002EF3000-memory.dmpFilesize
780KB
-
memory/4044-121-0x0000000001090000-0x0000000001091000-memory.dmpFilesize
4KB
-
memory/4044-122-0x0000000002E22000-0x0000000002E24000-memory.dmpFilesize
8KB