Analysis
-
max time kernel
146s -
max time network
130s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
24-09-2021 13:44
Static task
static1
Behavioral task
behavioral1
Sample
PROFOMA INVOICE.exe
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
General
-
Target
PROFOMA INVOICE.exe
-
Size
866KB
-
MD5
24736913b455be2ed3d1cc67c767afc4
-
SHA1
8026db0f265178cf013ac579c1b7267f4014bf2c
-
SHA256
a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b
-
SHA512
49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
PROFOMA INVOICE.exepid process 1192 PROFOMA INVOICE.exe 1192 PROFOMA INVOICE.exe 1192 PROFOMA INVOICE.exe 1192 PROFOMA INVOICE.exe 1192 PROFOMA INVOICE.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
PROFOMA INVOICE.exedescription pid process Token: SeDebugPrivilege 1192 PROFOMA INVOICE.exe -
Suspicious use of WriteProcessMemory 20 IoCs
Processes:
PROFOMA INVOICE.exedescription pid process target process PID 1192 wrote to memory of 1788 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1788 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1788 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1788 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1784 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1784 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1784 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1784 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1548 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1548 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1548 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1548 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1564 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1564 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1564 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 1564 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 952 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 952 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 952 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe PID 1192 wrote to memory of 952 1192 PROFOMA INVOICE.exe PROFOMA INVOICE.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"{path}"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1192-54-0x0000000000380000-0x0000000000381000-memory.dmpFilesize
4KB
-
memory/1192-56-0x0000000004290000-0x0000000004291000-memory.dmpFilesize
4KB
-
memory/1192-57-0x0000000000330000-0x000000000033E000-memory.dmpFilesize
56KB
-
memory/1192-58-0x0000000007EE0000-0x0000000007F59000-memory.dmpFilesize
484KB
-
memory/1192-59-0x00000000007A0000-0x00000000007CB000-memory.dmpFilesize
172KB