f3a8222b6462aafcc1d47fa1a1ca8972daf438b0d98666308958982307ab88fd | Triage

Analysis

max time kernel
124s
max time network
129s
platform
windows10_x64
resource
win10-en-20211014
submitted
18-10-2021 12:49

Sharing

Report Analysis Logs

General

Target

Payment Slip.exe
Size

81KB
MD5

6e93f7298beda239f60083a0c5425060
SHA1

3eae538f716c7ef96ec27915d966e5ee8eb95f61
SHA256

f3a8222b6462aafcc1d47fa1a1ca8972daf438b0d98666308958982307ab88fd
SHA512

559cf0a364fb1e2fd6d40a0113d201e81f531c325aaf4ddb701b1343bfedb654ed7ab34a0eff07eeb5cde7e5cf674bf5cd0fabc55b3638b26e77cd8cf31c4a23

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Payment Slip.exe

pid process

2124 Payment Slip.exe
2124 Payment Slip.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Payment Slip.exe

description pid process

Token: SeDebugPrivilege 2124 Payment Slip.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Payment Slip.exe

description	pid	process	target process
PID 2124 wrote to memory of 2240	2124	Payment Slip.exe	aspnet_compiler.exe
PID 2124 wrote to memory of 2240	2124	Payment Slip.exe	aspnet_compiler.exe
PID 2124 wrote to memory of 2240	2124	Payment Slip.exe	aspnet_compiler.exe

C:\Users\Admin\AppData\Local\Temp\Payment Slip.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Slip.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2124

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
2⤵
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2124-115-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/2124-117-0x000000001B0D0000-0x000000001B0D2000-memory.dmp

Filesize
8KB

Download
memory/2124-118-0x0000000000D10000-0x0000000000D12000-memory.dmp

Filesize
8KB

Download
memory/2124-119-0x0000000002610000-0x0000000002621000-memory.dmp

Filesize
68KB

Download