6e6d502d455f4d1db45f465ff69d1d2f53a78afffbda8e6bc2b12c99ca012926

General

Target

Proforma Invoice.exe
Size

410KB
MD5

05dea597f5e2fdaf7dd91dc2732eb54b
SHA1

6067e82bf295eb76c415a5c4910ea578bae96933
SHA256

6e6d502d455f4d1db45f465ff69d1d2f53a78afffbda8e6bc2b12c99ca012926
SHA512

35d0436a5154a7b9b44b56a9f8cba583cea20a66c9149a54751f55a18bc4f75cb4467c64ef2636c395c6425aad00815a1c4c97522031574bd947e7e8410a5d31

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Proforma Invoice.exe

pid process

736 Proforma Invoice.exe
736 Proforma Invoice.exe
736 Proforma Invoice.exe
736 Proforma Invoice.exe
736 Proforma Invoice.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Proforma Invoice.exe

description pid process

Token: SeDebugPrivilege 736 Proforma Invoice.exe

pid	process
736	Proforma Invoice.exe
736	Proforma Invoice.exe
736	Proforma Invoice.exe
736	Proforma Invoice.exe
736	Proforma Invoice.exe

description	pid	process
Token: SeDebugPrivilege	736	Proforma Invoice.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Proforma Invoice.exe

description	pid	process	target process
PID 736 wrote to memory of 1540	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1540	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1540	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1540	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1948	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1948	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1948	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1948	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1940	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1940	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1940	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1940	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1964	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1964	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1964	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1964	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1956	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1956	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1956	736	Proforma Invoice.exe	Proforma Invoice.exe
PID 736 wrote to memory of 1956	736	Proforma Invoice.exe	Proforma Invoice.exe

C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:736

C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"
2⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"
2⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"
2⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"
2⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"
2⤵
PID:1956

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/736-60-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/736-62-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

Filesize
4KB

Download
memory/736-63-0x00000000006C0000-0x00000000006CE000-memory.dmp

Filesize
56KB

Download
memory/736-64-0x00000000046A0000-0x00000000046D2000-memory.dmp

Filesize
200KB

Download
memory/736-65-0x0000000004D70000-0x0000000004DA9000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads