Overview

overview

10

Static

static

NEW ORDER ...DF.exe

windows7_x64

1

NEW ORDER ...DF.exe

windows10_x64

10

Analysis

  • max time kernel
    137s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    24-09-2021 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEW ORDER RE PO88224.PDF.exe

  • Size

    465KB

  • MD5

    a88e3833ee5ccb2434ee90aa645a8894

  • SHA1

    b6e78de80bbdc7748dfcbea47bc43593b587b075

  • SHA256

    4dfab25d3ccff9a33396c252590c27c57f23f9a94b11ebd9834b23981b0908e6

  • SHA512

    becf2614d5196c2b43f74c94f76cc0e9e21ffc75edd8a3ec8057a01ed9e8cfce755590228174692e4935861406627f7048fcf0294007b62148c5ece9f065af77

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe
      "C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe"
      2⤵
        PID:1476
      • C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe
        "C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe"
        2⤵
          PID:1400
        • C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe
          "C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe"
          2⤵
            PID:1444
          • C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe
            "C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe"
            2⤵
              PID:1676
            • C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe
              "C:\Users\Admin\AppData\Local\Temp\NEW ORDER RE PO88224.PDF.exe"
              2⤵
                PID:1668

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1740-53-0x00000000003E0000-0x00000000003E1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1740-55-0x0000000001E50000-0x0000000001E51000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1740-56-0x00000000004B0000-0x00000000004B4000-memory.dmp
              Filesize

              16KB

              Download
            • memory/1740-57-0x0000000004F70000-0x0000000004FD8000-memory.dmp
              Filesize

              416KB

              Download
            • memory/1740-58-0x0000000004110000-0x0000000004148000-memory.dmp
              Filesize

              224KB

              Download