Overview

overview

10

Static

static

Order_8748...53.exe

windows7_x64

10

Order_8748...53.exe

windows10_x64

8

Analysis

  • max time kernel
    78s
  • max time network
    127s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    19-10-2021 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Order_874844_376353.exe

  • Size

    129KB

  • MD5

    597840891d0f619d49b499298a5897bf

  • SHA1

    dec68f6727cf685869b9971a968fc8ad35fb4934

  • SHA256

    c039e57a33d3a58d59d38d325a160a61725940cd5d5f25e23855ae56660004ee

  • SHA512

    960c3abb5eaa37eee1e3fb3e26982222fe24064f7dff507d2e40f4a9be3653ed50dd36ca248587a3f00f9e57103b9dcfe352304e61b69feb33501de55d762f22

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Order_874844_376353.exe
    "C:\Users\Admin\AppData\Local\Temp\Order_874844_376353.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
      2⤵
        PID:1344

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2744-115-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-117-0x000000001BD00000-0x000000001BD02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2744-118-0x00000000013F0000-0x00000000013F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2744-119-0x00000000015C0000-0x00000000015D5000-memory.dmp

      Filesize

      84KB

      Download