Overview
overview
10Static
static
Order.exe
windows7_x64
5Order.exe
windows10_x64
5????? ????...DF.exe
windows7_x64
10????? ????...DF.exe
windows10_x64
1087597.exe
windows7_x64
1087597.exe
windows10_x64
1029146c1ccd...70.exe
windows7_x64
729146c1ccd...70.exe
windows10_x64
72cc3b42957...8e.exe
windows7_x64
102cc3b42957...8e.exe
windows10_x64
10RICHIESTA ...TA.exe
windows7_x64
10RICHIESTA ...TA.exe
windows10_x64
1039c1e12e0a...25c.js
windows7_x64
139c1e12e0a...25c.js
windows10_x64
13f46e10e5f...3b.exe
windows7_x64
53f46e10e5f...3b.exe
windows10_x64
553074094ad...95dbec
linux_mipsel
685dce7a17...03.exe
windows7_x64
10685dce7a17...03.exe
windows10_x64
106c4aab4c3b...e2.exe
windows7_x64
106c4aab4c3b...e2.exe
windows10_x64
1073a52a4c60...c0.exe
windows7_x64
373a52a4c60...c0.exe
windows10_x64
3Inv_7623980.exe
windows7_x64
10Inv_7623980.exe
windows10_x64
108954739d96...a8.ps1
windows7_x64
88954739d96...a8.ps1
windows10_x64
8USD $.exe
windows7_x64
10USD $.exe
windows10_x64
1091d079d937...b9.exe
windows7_x64
91d079d937...b9.exe
windows10_x64
9706247fdb...89.exe
windows7_x64
Analysis
-
max time kernel
122s -
max time network
170s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
30-07-2021 15:25
Static task
static1
Behavioral task
behavioral1
Sample
Order.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral2
Sample
Order.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral3
Sample
????? ?????? ????#454326_PDF.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
????? ?????? ????#454326_PDF.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral5
Sample
87597.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral6
Sample
87597.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral7
Sample
29146c1ccdf280c8ac9d0c861f8bd222d2d93777c8a822da4d72c64fc3f78670.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral8
Sample
29146c1ccdf280c8ac9d0c861f8bd222d2d93777c8a822da4d72c64fc3f78670.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral9
Sample
2cc3b4295747aeeb5a54b923fdbc9be766ee156c8914f5c07663f7cb1055068e.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral10
Sample
2cc3b4295747aeeb5a54b923fdbc9be766ee156c8914f5c07663f7cb1055068e.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral11
Sample
RICHIESTA DI OFFERTA.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral12
Sample
RICHIESTA DI OFFERTA.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral13
Sample
39c1e12e0ada85fa835b623a4698345bf95372bea57a7d3a5070ea1d5d5d825c.js
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral14
Sample
39c1e12e0ada85fa835b623a4698345bf95372bea57a7d3a5070ea1d5d5d825c.js
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral15
Sample
3f46e10e5fe376b995e2947d1be21955aa8341f39d80cca737109fcf2cf2bf3b.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral16
Sample
3f46e10e5fe376b995e2947d1be21955aa8341f39d80cca737109fcf2cf2bf3b.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral17
Sample
53074094addc55786936f3d67d7fe36554a7c4f4f96c06252ae768707295dbec
Resource
debian9-mipsel
linux_mipsel
Behavioral task
behavioral18
Sample
685dce7a17356b2a9fe68600ab29af885c591d23221e8f65396478d3a1f5ae03.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral19
Sample
685dce7a17356b2a9fe68600ab29af885c591d23221e8f65396478d3a1f5ae03.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral20
Sample
6c4aab4c3bd1ba8f77a781d70ecbc1b4c7dfd9d3c7ad60158fb8d35d1d4246e2.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral21
Sample
6c4aab4c3bd1ba8f77a781d70ecbc1b4c7dfd9d3c7ad60158fb8d35d1d4246e2.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral22
Sample
73a52a4c60d253ccdb79e5d50814d1689a49fd85f9e0a40a0dc57ba7fb54e5c0.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral23
Sample
73a52a4c60d253ccdb79e5d50814d1689a49fd85f9e0a40a0dc57ba7fb54e5c0.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral24
Sample
Inv_7623980.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral25
Sample
Inv_7623980.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral26
Sample
8954739d960eecd84aa64e657aed72d40567764023ba14e048778d0ebf24cba8.ps1
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral27
Sample
8954739d960eecd84aa64e657aed72d40567764023ba14e048778d0ebf24cba8.ps1
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral28
Sample
USD $.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral29
Sample
USD $.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral30
Sample
91d079d9371fa53227e4bb2207ba4d3aa4733feee607773b696779c5e87846b9.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral31
Sample
91d079d9371fa53227e4bb2207ba4d3aa4733feee607773b696779c5e87846b9.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral32
Sample
9706247fdb847874ca3fad6229787e37299be25d938af865a8e5b132bf313b89.exe
Resource
win7v20210408
windows7_x64
General
-
Target
Order.exe
-
Size
184KB
-
MD5
b48a1b6628f1f941e506d15013a72619
-
SHA1
4d6a9fb6ad5aa1b53440c2eb0806602fc164b0a2
-
SHA256
cf540119b481ff1a73efd8f50bc5942faaa46e79f9cb78d06b2b993ef4c921a4
-
SHA512
c74f5fb663cd9e34c234a78884a30399825ed4211d5c1a795bebc6fa2546ae02ba9ddf24e648fd251ac5a265131cd645855483aeb411892367858ac2a571f6be
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 2024 set thread context of 1956 2024 Order.exe 26 -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 2024 Order.exe -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 2024 wrote to memory of 1956 2024 Order.exe 26 PID 2024 wrote to memory of 1956 2024 Order.exe 26 PID 2024 wrote to memory of 1956 2024 Order.exe 26 PID 2024 wrote to memory of 1956 2024 Order.exe 26 PID 2024 wrote to memory of 1956 2024 Order.exe 26
Processes
-
C:\Users\Admin\AppData\Local\Temp\Order.exe"C:\Users\Admin\AppData\Local\Temp\Order.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2024 -
C:\Users\Admin\AppData\Local\Temp\Order.exe"C:\Users\Admin\AppData\Local\Temp\Order.exe"2⤵PID:1956
-