Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    19-10-2021 05:42

General

  • Target

    Proforma Invoice.exe

  • Size

    129KB

  • MD5

    2abee0c90bce9307bd28b1f1607cbba4

  • SHA1

    bfb2912a7caeb1b73aca9847c6f05cfebebf54d9

  • SHA256

    21ac46250f6363cb7e193af0920eadc44d4ddeac442022510b8eaa11b3249d48

  • SHA512

    e4a0bd8d9205b5e5756169473cba75ad6341d2075be46f3850ea0dcf3324ea126123e278e63bcda93f57b311d4717960b0c28a7381930a5a6f081e9ed0283a43

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
      2⤵
      PID:1216
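The process tree above shows an executable running from the user's Temp directory, already flagged for WriteProcessMemory, starting aspnet_compiler.exe with no command-line arguments. A genuine build passes aspnet_compiler.exe a source and a target path, so a bare launch of a .NET Framework utility by a parent in a user-writable location is a combination hunters treat as a candidate for process hollowing. The following is an added example, not part of this report: a Python detector run over constructed Sysmon-style events (Event ID 1 process creation, Event ID 10 process access) modelled on the tree. The explorer.exe grandparent, the PIDs 704, 2900 and 3300, the GrantedAccess masks, the benign control event and the framework binaries other than aspnet_compiler.exe in FRAMEWORK_TARGETS are assumptions that generalise the rule beyond what this report shows.

```python
import ntpath
import re

# Constructed Sysmon-style events modelled on the process tree in this report.
# The two paths, PIDs 2436/1216 and their command lines come from the report;
# the explorer.exe parent, PIDs 704/2900/3300, the access masks and the
# benign MSBuild-driven control event are assumptions for illustration.
PROCESS_EVENTS = [
    {"pid": 2436, "ppid": 704,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 1216, "ppid": 2436,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"',
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.exe"},
    # Benign control: the same utility with real arguments, driven by MSBuild.
    {"pid": 3300, "ppid": 2900,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" -v / -p C:\site -f C:\out',
     "parent_image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"},
]
ACCESS_EVENTS = [
    {"source_pid": 2436, "target_pid": 1216, "granted_access": 0x1FFFFF},  # PROCESS_ALL_ACCESS (assumed)
    {"source_pid": 2900, "target_pid": 3300, "granted_access": 0x1000},    # PROCESS_QUERY_LIMITED_INFORMATION
]

PROCESS_VM_WRITE = 0x0020  # access right WriteProcessMemory needs on the target

# Framework utilities commonly abused as hollowing targets. Only
# aspnet_compiler.exe appears in this report; the others generalise the rule.
FRAMEWORK_TARGETS = {"aspnet_compiler.exe", "regasm.exe", "regsvcs.exe",
                     "installutil.exe", "msbuild.exe", "applaunch.exe"}
FRAMEWORK_DIR = re.compile(r"\\Microsoft\.NET\\Framework(64)?\\v[\d.]+\\", re.I)
USER_WRITABLE = re.compile(r"^[a-z]:\\(Users|ProgramData|Windows\\Temp)\\", re.I)


def split_command_line(cmdline):
    """Return (executable, remaining arguments), honouring Windows quoting of arg 0."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    head, _, rest = s.partition(" ")
    return head, rest.strip()


def evaluate_creation(event):
    """Reasons a process-creation event looks like a hollowing target (empty if none)."""
    reasons = []
    image = event["image"]
    if ntpath.basename(image).lower() not in FRAMEWORK_TARGETS or not FRAMEWORK_DIR.search(image):
        return reasons
    exe, args = split_command_line(event["cmdline"])
    if exe.lower() == image.lower() and args == "":
        reasons.append("framework utility started with no arguments")
    if USER_WRITABLE.match(event["parent_image"]):
        reasons.append("parent image runs from a user-writable path")
    return reasons


def wrote_into(source_pid, target_pid, access_events):
    """True if source opened target with a handle that permits WriteProcessMemory."""
    return any(a["source_pid"] == source_pid and a["target_pid"] == target_pid
               and a["granted_access"] & PROCESS_VM_WRITE for a in access_events)


def find_hollowing_candidates(process_events, access_events):
    """Correlate creation and access events; higher score means more indicators hit."""
    findings = []
    for ev in process_events:
        reasons = evaluate_creation(ev)
        if not reasons:
            continue
        if wrote_into(ev["ppid"], ev["pid"], access_events):
            reasons.append("parent obtained PROCESS_VM_WRITE on the child")
        findings.append({"pid": ev["pid"], "ppid": ev["ppid"], "image": ev["image"],
                         "reasons": reasons, "score": len(reasons)})
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for f in find_hollowing_candidates(PROCESS_EVENTS, ACCESS_EVENTS):
        print(f"PID {f['pid']} (parent {f['ppid']}) score {f['score']}: {f['image']}")
        for r in f["reasons"]:
            print("  -", r)
```

Run stand-alone, the script reports only PID 1216 with all three indicators; the MSBuild-driven control launch is not flagged because it carries arguments and its parent lives under C:\Windows. The argument check is the one most worth keeping even without Sysmon Event ID 10 data, since a hollowed host process almost always inherits the bare image path as its command line.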

Network

MITRE ATT&CK Matrix
Downloads

  • memory/2436-115-0x0000000000FE0000-0x0000000000FE1000-memory.dmp
    Filesize 4KB
  • memory/2436-117-0x00000000017F0000-0x00000000017F2000-memory.dmp
    Filesize 8KB
  • memory/2436-118-0x000000001BD50000-0x000000001BD52000-memory.dmp
    Filesize 8KB
  • memory/2436-119-0x0000000003070000-0x0000000003085000-memory.dmp
    Filesize 84KB
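Each captured dump is named memory/<pid>-<sequence>-0x<start>-0x<end>-memory.dmp, so the file name alone tells you which process and which virtual address range was written out. All four dumps above come from PID 2436, the original executable; nothing in this list was captured from the aspnet_compiler.exe child (PID 1216). The following added example, not part of the report, parses those names, checks that the range length agrees with the listed Filesize, and summarises the dumped regions per PID. The names and sizes are copied from the list above; treating the listed "KB" as whole units of 1024 bytes is an assumption.

```python
import re

# Copied from the Downloads list in this report: (artifact name, listed Filesize).
DOWNLOADS = [
    ("memory/2436-115-0x0000000000FE0000-0x0000000000FE1000-memory.dmp", "4KB"),
    ("memory/2436-117-0x00000000017F0000-0x00000000017F2000-memory.dmp", "8KB"),
    ("memory/2436-118-0x000000001BD50000-0x000000001BD52000-memory.dmp", "8KB"),
    ("memory/2436-119-0x0000000003070000-0x0000000003085000-memory.dmp", "84KB"),
]

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")
PAGE = 0x1000  # x64 Windows page size; dumped ranges are page aligned


def parse_dump_name(name):
    """Decode pid, sequence number and virtual address range from a dump file name."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start or start % PAGE or end % PAGE:
        raise ValueError(f"empty or unaligned range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def parse_size_kb(text):
    """Turn the listed 'NKB' string into bytes (assumes 1 KB = 1024 bytes)."""
    m = re.fullmatch(r"(\d+)KB", text.strip())
    if not m:
        raise ValueError(f"unsupported size string: {text}")
    return int(m.group(1)) * 1024


def check_downloads(entries):
    """One row per dump with the derived range length and whether it matches the listing."""
    rows = []
    for name, listed in entries:
        row = parse_dump_name(name)
        row["name"] = name
        row["listed_size"] = parse_size_kb(listed)
        row["size_matches"] = row["size"] == row["listed_size"]
        rows.append(row)
    return rows


def summarize(rows):
    """Per-PID count, total bytes and the span of addresses the dumps cover."""
    out = {}
    for r in rows:
        s = out.setdefault(r["pid"], {"count": 0, "total_bytes": 0,
                                      "lowest": r["start"], "highest": r["end"]})
        s["count"] += 1
        s["total_bytes"] += r["size"]
        s["lowest"] = min(s["lowest"], r["start"])
        s["highest"] = max(s["highest"], r["end"])
    return out


if __name__ == "__main__":
    rows = check_downloads(DOWNLOADS)
    for r in rows:
        flag = "ok" if r["size_matches"] else "MISMATCH"
        print(f"pid {r['pid']} seq {r['seq']} 0x{r['start']:X}-0x{r['end']:X} "
              f"{r['size'] // 1024} KB [{flag}]")
    for pid, s in summarize(rows).items():
        print(f"pid {pid}: {s['count']} dumps, {s['total_bytes'] // 1024} KB total, "
              f"0x{s['lowest']:X}-0x{s['highest']:X}")
```

On this report the four ranges decode to 0x1000, 0x2000, 0x2000 and 0x15000 bytes, all agreeing with the listed sizes, for 104 KB in total from PID 2436. A size mismatch or an unaligned range would point at a mangled file name rather than at the sample, which is worth knowing before pulling the dumps into a disassembler.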