Overview

overview

10

Static

static

23-07-2021...df.exe

windows7_x64

3

23-07-2021...df.exe

windows10_x64

3

23-07-2021...r .exe

windows7_x64

10

23-07-2021...r .exe

windows10_x64

10

New order ...df.exe

windows7_x64

10

New order ...df.exe

windows10_x64

10

23-07-2021...at.exe

windows7_x64

10

23-07-2021...at.exe

windows10_x64

10

23-07-2021...2).exe

windows7_x64

10

23-07-2021...2).exe

windows10_x64

10

Payment copy.pdf.exe

windows7_x64

1

Payment copy.pdf.exe

windows10_x64

10

23-07-2021...TA.exe

windows7_x64

10

23-07-2021...TA.exe

windows10_x64

10

23-07-2021...PY.exe

windows7_x64

10

23-07-2021...PY.exe

windows10_x64

10

23-07-2021...at.exe

windows7_x64

10

23-07-2021...at.exe

windows10_x64

10

payment re...df.exe

windows7_x64

10

payment re...df.exe

windows10_x64

10

Analysis

  • max time kernel
    49s
  • max time network
    26s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    25-07-2021 23:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payment copy.pdf.exe

  • Size

    597KB

  • MD5

    59ebd03380ec88b7543ce53775402ad4

  • SHA1

    ffdcf1b54a27cfe803cdb97a9be8da8f4d451e88

  • SHA256

    6bc597969852f50b5c80dcd7efaa0792d170999456c6f8bd0a5ce274ae4eb63b

  • SHA512

    293e276d463fdcf37e193536929badb42cce238f76a2e2c375eaa92fd0eccc933b6efa3f2f102c9f076ff701a3940e1788e2a2a45930460153054a7806b82f92

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payment copy.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Payment copy.pdf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Users\Admin\AppData\Local\Temp\Payment copy.pdf.exe
      "{path}"
      2⤵
        PID:1648
      • C:\Users\Admin\AppData\Local\Temp\Payment copy.pdf.exe
        "{path}"
        2⤵
          PID:1572
        • C:\Users\Admin\AppData\Local\Temp\Payment copy.pdf.exe
          "{path}"
          2⤵
            PID:1580
          • C:\Users\Admin\AppData\Local\Temp\Payment copy.pdf.exe
            "{path}"
            2⤵
              PID:1604
            • C:\Users\Admin\AppData\Local\Temp\Payment copy.pdf.exe
              "{path}"
              2⤵
                PID:1456

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/940-60-0x00000000003C0000-0x00000000003C1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/940-62-0x0000000000370000-0x0000000000371000-memory.dmp
              Filesize

              4KB

              Download
            • memory/940-63-0x00000000003B0000-0x00000000003B2000-memory.dmp
              Filesize

              8KB

              Download
            • memory/940-64-0x0000000007CD0000-0x0000000007D43000-memory.dmp
              Filesize

              460KB

              Download
            • memory/940-65-0x0000000001FA0000-0x0000000001FCC000-memory.dmp
              Filesize

              176KB

              Download