a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b

Analysis

max time kernel
146s
max time network
130s
platform
windows7_x64
resource
win7-en-20210920
submitted
24-09-2021 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PROFOMA INVOICE.exe
Size

866KB
MD5

24736913b455be2ed3d1cc67c767afc4
SHA1

8026db0f265178cf013ac579c1b7267f4014bf2c
SHA256

a109f0b9407728fef1b41d766e8228085ee04661156d84ef543777bf311f450b
SHA512

49dd3e5ecbf6d4cd310a45d0b52e36a363d701f0a9cc14a1d3c103b613eb5a756fdc9ce8b028d69b56c4c8137d29ea3d57865b4ff75dac44bf982e5c80ee56ee

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

PROFOMA INVOICE.exe

pid process

1192 PROFOMA INVOICE.exe
1192 PROFOMA INVOICE.exe
1192 PROFOMA INVOICE.exe
1192 PROFOMA INVOICE.exe
1192 PROFOMA INVOICE.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PROFOMA INVOICE.exe

description pid process

Token: SeDebugPrivilege 1192 PROFOMA INVOICE.exe

pid	process
1192	PROFOMA INVOICE.exe
1192	PROFOMA INVOICE.exe
1192	PROFOMA INVOICE.exe
1192	PROFOMA INVOICE.exe
1192	PROFOMA INVOICE.exe

description	pid	process
Token: SeDebugPrivilege	1192	PROFOMA INVOICE.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

PROFOMA INVOICE.exe

description	pid	process	target process
PID 1192 wrote to memory of 1788	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1788	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1788	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1788	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1784	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1784	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1784	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1784	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1548	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1548	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1548	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1548	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1564	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1564	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1564	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 1564	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 952	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 952	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 952	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe
PID 1192 wrote to memory of 952	1192	PROFOMA INVOICE.exe	PROFOMA INVOICE.exe

C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
"C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1192

C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
"{path}"
2⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
"{path}"
2⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
"{path}"
2⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
"{path}"
2⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\PROFOMA INVOICE.exe
"{path}"
2⤵
PID:952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-54-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1192-56-0x0000000004290000-0x0000000004291000-memory.dmp

Filesize
4KB

Download
memory/1192-57-0x0000000000330000-0x000000000033E000-memory.dmp

Filesize
56KB

Download
memory/1192-58-0x0000000007EE0000-0x0000000007F59000-memory.dmp

Filesize
484KB

Download
memory/1192-59-0x00000000007A0000-0x00000000007CB000-memory.dmp

Filesize
172KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads