Overview

overview

10

Static

static

8

BL. NO. AN...21.exe

windows7_x64

10

BL. NO. AN...21.exe

windows10_x64

10

Sample_101...mg.exe

windows7_x64

10

Sample_101...mg.exe

windows10_x64

10

Invoice 19...df.exe

windows7_x64

1

Invoice 19...df.exe

windows10_x64

10

Leak/PROFO...CE.doc

windows7_x64

10

Leak/PROFO...CE.doc

windows10_x64

1

Payment re...df.exe

windows7_x64

10

Payment re...df.exe

windows10_x64

10

Leak/Profo...mg.xls

windows7_x64

10

Leak/Profo...mg.xls

windows10_x64

10

Analysis

  • max time kernel
    561s
  • max time network
    606s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    26-10-2021 07:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Invoice 1905-20-1907-20.pdf.exe

  • Size

    742KB

  • MD5

    d40d05b8b73fb36ca9ae679997decbf7

  • SHA1

    1099139b29753b0308fd3729a1b0a894fb98b94e

  • SHA256

    9509214ef8fd1704c88aebdd75cf26345735cf6901af44de6038dce4e4d46f34

  • SHA512

    6c6388214929c2d094584c8ddfe5b116ff6c250e2c32f161d5328a258191e115fca6a10275e7e366a7ab976116e2b2406dbc699c4a5287aac39ee127657d900b

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe
      "C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe"
      2⤵
        PID:960
      • C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe
        "C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe"
        2⤵
          PID:1724
        • C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe
          "C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe"
          2⤵
            PID:1728
          • C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe
            "C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe"
            2⤵
              PID:1564
            • C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe
              "C:\Users\Admin\AppData\Local\Temp\Invoice 1905-20-1907-20.pdf.exe"
              2⤵
                PID:1608

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1112-53-0x00000000751A1000-0x00000000751A3000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1112-54-0x00000000005F0000-0x00000000005F1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1112-55-0x00000000005F1000-0x00000000005F2000-memory.dmp
              Filesize

              4KB

              Download