PROFOMA INVOICE.exe

General
Target: PROFOMA INVOICE.exe
Filesize: 866KB
Completed: 24-09-2021 13:47
Score: 1/10
MD5: 24736913b455be2ed3d1cc67c767afc4
SHA1: 8026db0f265178cf013ac579c1b7267f4014bf2c
SHA256: a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b

Malware Config
Signatures (3)


  • Suspicious behavior: EnumeratesProcesses
    PROFOMA INVOICE.exe

    Reported IOCs

    pid   process
    1192  PROFOMA INVOICE.exe
    1192  PROFOMA INVOICE.exe
    1192  PROFOMA INVOICE.exe
    1192  PROFOMA INVOICE.exe
    1192  PROFOMA INVOICE.exe
  • Suspicious use of AdjustPrivilegeToken
    PROFOMA INVOICE.exe

    Reported IOCs

    description               pid   process
    Token: SeDebugPrivilege   1192  PROFOMA INVOICE.exe
  • Suspicious use of WriteProcessMemory
    PROFOMA INVOICE.exe

    Reported IOCs

    description                         pid   process              target process
    PID 1192 wrote to memory of 1788    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1788    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1788    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1788    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1784    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1784    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1784    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1784    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1548    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1548    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1548    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1548    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1564    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1564    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1564    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 1564    1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 952     1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 952     1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 952     1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
    PID 1192 wrote to memory of 952     1192  PROFOMA INVOICE.exe  PROFOMA INVOICE.exe
Processes (6)
  • C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
    "C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
      "{path}"
      PID:1788
    • C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
      "{path}"
      PID:1784
    • C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
      "{path}"
      PID:1548
    • C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
      "{path}"
      PID:1564
    • C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
      "{path}"
      PID:952
Network

MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation
Downloads
  • memory/1192-54-0x0000000000380000-0x0000000000381000-memory.dmp
  • memory/1192-56-0x0000000004290000-0x0000000004291000-memory.dmp
  • memory/1192-57-0x0000000000330000-0x000000000033E000-memory.dmp
  • memory/1192-58-0x0000000007EE0000-0x0000000007F59000-memory.dmp
  • memory/1192-59-0x00000000007A0000-0x00000000007CB000-memory.dmp