Overview

overview

10

Static

static

Payment No...df.scr

windows7_x64

10

Payment No...df.scr

windows10_x64

1

Analysis

  • max time kernel
    125s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    26-10-2021 10:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payment Notification.pdf.scr

  • Size

    447KB

  • MD5

    06e79cb697e436c1e66c49d3c39dbd82

  • SHA1

    025758750ef682cead7c98f6cf4156c7bb33a3b2

  • SHA256

    07749072a852c769fad91c350e6921b811fb04de3448516e2ccf5b81d07e22e7

  • SHA512

    f2ec81462399525595b8b0210024e80da782e09f43dae71156e5567b590c30fc5716218441664e4e142dbd0f2ec888e78706a20466866814a8d4454423b4be32

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payment Notification.pdf.scr
    "C:\Users\Admin\AppData\Local\Temp\Payment Notification.pdf.scr" /S
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 924
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2608-116-0x0000000000000000-mapping.dmp
    Download
  • memory/2628-115-0x0000000003250000-0x0000000003251000-memory.dmp
    Filesize

    4KB

    Download