Analysis
max time kernel: 20s
max time network: 119s
platform: windows10_x64
resource: win10v20210408
submitted: 23-07-2021 15:37
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Advice copy 00019....pdf.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Payment Advice copy 00019....pdf.exe
  Resource: win10v20210408
General
Target: Payment Advice copy 00019....pdf.exe
Size: 1.4MB
MD5: c3c9fecc65c77e6b96c8eb8640bacc36
SHA1: 64140c46f2471cc8431fbda56d64019c90ff15ab
SHA256: ecc8293f6aa073abd1d40cae1f945978f4fcea27b8baf67ee1b5856c45e0d698
SHA512: 08afede9df6161325090aed194970cc9b0081976ba6c6d26cd56a5b05d0c8deeb248669881c50ba618be8c378a86c939d8e135a6ea9ffb3a3548b47683b5e159
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoC)
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  resource: behavioral2/memory/992-122-0x0000000006360000-0x0000000006381000-memory.dmp
  yara_rule: agile_net
  Note: the rule matched a memory region dumped from pid 992 during the behavioral2 run, not the on-disk file in the static task; the IoC therefore points at code as it was laid out in memory at runtime.
Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid: 992
  process: Payment Advice copy 00019....pdf.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege
  pid: 992
  process: Payment Advice copy 00019....pdf.exe
  Note: enabling SeDebugPrivilege on its own token lets a process open handles to processes it does not own. Together with process enumeration this is a common precursor to injection into another process, although this report records no injection signature.
Downloads (memory dumps from pid 992; each name carries the dumped address range)
memory/992-114-0x0000000000090000-0x0000000000091000-memory.dmp  Filesize: 4KB
memory/992-116-0x00000000050F0000-0x00000000050F1000-memory.dmp  Filesize: 4KB
memory/992-117-0x0000000004BF0000-0x0000000004BF1000-memory.dmp  Filesize: 4KB
memory/992-118-0x0000000004C90000-0x0000000004C91000-memory.dmp  Filesize: 4KB
memory/992-119-0x00000000055F0000-0x00000000055F1000-memory.dmp  Filesize: 4KB
memory/992-120-0x0000000004BD0000-0x0000000004BD1000-memory.dmp  Filesize: 4KB
memory/992-122-0x0000000006360000-0x0000000006381000-memory.dmp  Filesize: 132KB
memory/992-123-0x0000000006440000-0x0000000006441000-memory.dmp  Filesize: 4KB
memory/992-124-0x0000000006410000-0x0000000006411000-memory.dmp  Filesize: 4KB
memory/992-125-0x0000000004BD1000-0x0000000004BD2000-memory.dmp  Filesize: 4KB
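The dump names above encode the pid, a capture sequence number and the virtual address range that was written out, and the agile_net YARA hit is reported against one of those names. The following Python script is an added example, not part of the report or of the sandbox's own tooling: it parses the names, checks that each address range agrees with the listed file size, maps the YARA resource string back to its dump entry, merges dumps whose ranges touch (992-120 and 992-125 are adjacent pages), and lists the regions larger than one page, which are the natural first targets for scanning. The dump list and the hit string are copied from this report; the 4KB page size and the interpretation of the second number as a sequence counter are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed from the report's Downloads list: (dump name, size shown beside it).
DUMPS = [
    ("memory/992-114-0x0000000000090000-0x0000000000091000-memory.dmp", "4KB"),
    ("memory/992-116-0x00000000050F0000-0x00000000050F1000-memory.dmp", "4KB"),
    ("memory/992-117-0x0000000004BF0000-0x0000000004BF1000-memory.dmp", "4KB"),
    ("memory/992-118-0x0000000004C90000-0x0000000004C91000-memory.dmp", "4KB"),
    ("memory/992-119-0x00000000055F0000-0x00000000055F1000-memory.dmp", "4KB"),
    ("memory/992-120-0x0000000004BD0000-0x0000000004BD1000-memory.dmp", "4KB"),
    ("memory/992-122-0x0000000006360000-0x0000000006381000-memory.dmp", "132KB"),
    ("memory/992-123-0x0000000006440000-0x0000000006441000-memory.dmp", "4KB"),
    ("memory/992-124-0x0000000006410000-0x0000000006411000-memory.dmp", "4KB"),
    ("memory/992-125-0x0000000004BD1000-0x0000000004BD2000-memory.dmp", "4KB"),
]

# Resource string the agile_net YARA rule was reported against (from the Signatures section).
YARA_HIT = "behavioral2/memory/992-122-0x0000000006360000-0x0000000006381000-memory.dmp"

PAGE = 0x1000  # assumed: 4KB pages, matching the 4KB single-page dumps above

# <pid>-<seq>-0x<start>-0x<end>; "seq" as a capture counter is an assumption.
_NAME_RE = re.compile(
    r"(?:^|/)memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
_SIZE_RE = re.compile(r"^(\d+)(B|KB|MB)$")
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


@dataclass(frozen=True)
class Region:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def pages(self) -> int:
        return self.size // PAGE


def parse_dump_name(name: str) -> Region:
    m = _NAME_RE.search(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    return Region(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))


def size_to_bytes(text: str) -> int:
    m = _SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def check_sizes(dumps):
    """(name, computed, reported, ok) per dump: does the address range match the listed size?"""
    out = []
    for name, reported in dumps:
        computed = parse_dump_name(name).size
        rep = size_to_bytes(reported)
        out.append((name, computed, rep, computed == rep))
    return out


def find_hit(hit_resource: str, dumps):
    """Map a YARA resource string back to the dump entry with the same pid/seq/range."""
    target = parse_dump_name(hit_resource)
    for name, _ in dumps:
        if parse_dump_name(name) == target:
            return name
    return None


def merge_contiguous(regions):
    """Coalesce same-pid regions whose ranges touch; separate captures can split one allocation."""
    merged = []
    for r in sorted(regions, key=lambda r: r.start):
        if merged and merged[-1].pid == r.pid and merged[-1].end == r.start:
            prev = merged.pop()
            merged.append(Region(prev.pid, min(prev.seq, r.seq), prev.start, r.end))
        else:
            merged.append(r)
    return merged


def multi_page_regions(dumps):
    """Dumps larger than one page: the usual first candidates for YARA scanning."""
    return [name for name, _ in dumps if parse_dump_name(name).pages > 1]


if __name__ == "__main__":
    for name, computed, reported, ok in check_sizes(DUMPS):
        print(f"{'OK ' if ok else 'BAD'} {name} computed={computed} reported={reported}")
    print("yara hit maps to:", find_hit(YARA_HIT, DUMPS))
    print("multi-page dumps:", multi_page_regions(DUMPS))
    for r in merge_contiguous([parse_dump_name(n) for n, _ in DUMPS]):
        print(f"pid {r.pid} seq {r.seq} {r.start:#x}-{r.end:#x} ({r.pages} pages)")
```

Every listed size agrees with its address range (0x6381000 - 0x6360000 = 0x21000 = 135168 bytes = 132KB), the hit resolves to dump 992-122, and that 33-page region is the only dump larger than a single page; the other nine are one page each, and two of them (0x4BD0000 and 0x4BD1000) are adjacent pages captured at different points.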