107f0cce39dcfa85508fd5d256fa0515b6e27f554628e2ca4400af9dc2a5dcae

General

Target

Remittance_90523_03.exe
Size

1.2MB
MD5

4877999ea194338dfe6ad0b7c501afe8
SHA1

41c912ac202c7b590450fd91e4f2ed6faa5b2aff
SHA256

107f0cce39dcfa85508fd5d256fa0515b6e27f554628e2ca4400af9dc2a5dcae
SHA512

e28520a7d7c5bcccb7309d51c2e5c67668e7c081cf15f133ad4345e1b46a92e652d435abe718c6df851ffa57f8e0355bcccf3cb8e4361bd10012723034e7a5bf

Score

9^/10

Malware Config

Signatures

CustAttr .NET packer 1 IoCs

Detects CustAttr .NET packer in memory.

Processes:

resource	yara_rule
behavioral1/memory/1756-63-0x00000000004C0000-0x00000000004CB000-memory.dmp	CustAttr

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Remittance_90523_03.exe

pid	process
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe
1756	Remittance_90523_03.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Remittance_90523_03.exe

description pid process

Token: SeDebugPrivilege 1756 Remittance_90523_03.exe

description	pid	process
Token: SeDebugPrivilege	1756	Remittance_90523_03.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Remittance_90523_03.exe

description	pid	process	target process
PID 1756 wrote to memory of 676	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 676	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 676	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 676	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 904	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 904	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 904	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 904	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 932	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 932	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 932	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 932	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 368	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 368	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 368	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 368	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 592	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 592	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 592	1756	Remittance_90523_03.exe	Remittance_90523_03.exe
PID 1756 wrote to memory of 592	1756	Remittance_90523_03.exe	Remittance_90523_03.exe

C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe
"C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1756

C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe
"C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe"
2⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe
"C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe"
2⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe
"C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe"
2⤵
PID:932

C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe
"C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe"
2⤵
PID:368

C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe
"C:\Users\Admin\AppData\Local\Temp\Remittance_90523_03.exe"
2⤵
PID:592

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-60-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1756-62-0x00000000043D0000-0x00000000043D1000-memory.dmp

Filesize
4KB

Download
memory/1756-63-0x00000000004C0000-0x00000000004CB000-memory.dmp

Filesize
44KB

Download
memory/1756-64-0x0000000005650000-0x00000000056C5000-memory.dmp

Filesize
468KB

Download
memory/1756-65-0x0000000001E10000-0x0000000001E40000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads