786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1 | Triage

Analysis

max time kernel
2s
max time network
56s
platform
windows7_x64
resource
win7v20210410
submitted
26-07-2021 10:02

Sharing

Report Analysis Logs

General

Target

INVOICE RECEIPT NO253334.exe
Size

455KB
MD5

c6b4a2eb53f687988c0427cf752d429f
SHA1

d6b3299043950047524087631f72375b68bfc36d
SHA256

786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1
SHA512

ded0daa7672ade2aabf1695c67441c0c488b8f44170ebd438105936eeac2a4d9fb7da1aef48565bb42caf6807eb4f0157a0de43ddf4731e5d3c428e8cf034dee

Score

1^/10

Malware Config

Signatures

Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

INVOICE RECEIPT NO253334.exe

pid process

1208 INVOICE RECEIPT NO253334.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

INVOICE RECEIPT NO253334.exe

description	pid	process	target process
PID 1208 wrote to memory of 1472	1208	INVOICE RECEIPT NO253334.exe	MSBuild.exe
PID 1208 wrote to memory of 1472	1208	INVOICE RECEIPT NO253334.exe	MSBuild.exe
PID 1208 wrote to memory of 1472	1208	INVOICE RECEIPT NO253334.exe	MSBuild.exe
PID 1208 wrote to memory of 1472	1208	INVOICE RECEIPT NO253334.exe	MSBuild.exe
PID 1208 wrote to memory of 1472	1208	INVOICE RECEIPT NO253334.exe	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\INVOICE RECEIPT NO253334.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE RECEIPT NO253334.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Users\Admin\AppData\Local\Temp\INVOICE RECEIPT NO253334.exe"
  2⤵
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1208-59-0x0000000076661000-0x0000000076663000-memory.dmp

Filesize
8KB

Download
memory/1208-60-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download