Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-en-20211104 -
submitted
01-12-2021 11:00
General
-
Target
purchase order01102.exe
-
Size
2.0MB
-
MD5
17fcd17f51b96a5a41684dd09a629c05
-
SHA1
4d83fd286f31a1b0b387423d0e8fce90da16bfd9
-
SHA256
7d57902ed9cc59fc539984a27e96e6310b42f1cd3ae1206c0d3505ab0d062f1f
-
SHA512
ba167809ec29183d55acb306a7ef8c41d2284914b0fbbd918b28c4a8587f640c20d12954884c354552de0464b6b34c4cd1ffd76aa737a72a7d90af4b3b0b468c
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\purchase order01102.exe"C:\Users\Admin\AppData\Local\Temp\purchase order01102.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 7362⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/552-61-0x0000000000000000-mapping.dmp
-
memory/552-62-0x00000000006E0000-0x00000000006E1000-memory.dmpFilesize
4KB
-
memory/976-55-0x0000000000B10000-0x0000000000B11000-memory.dmpFilesize
4KB
-
memory/976-57-0x0000000076341000-0x0000000076343000-memory.dmpFilesize
8KB
-
memory/976-58-0x00000000003B0000-0x00000000003B1000-memory.dmpFilesize
4KB
-
memory/976-59-0x0000000000460000-0x0000000000466000-memory.dmpFilesize
24KB
-
memory/976-60-0x0000000007F30000-0x0000000008162000-memory.dmpFilesize
2.2MB