Overview

overview

10

Static

static

payment copy.exe

windows7_x64

3

payment copy.exe

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    01-12-2021 17:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    payment copy.exe

  • Size

    337KB

  • MD5

    7ff711fce0553fa21e4e305253d2018c

  • SHA1

    f06a20b3b4051b1a04282ac6f902d5f3a7263a61

  • SHA256

    86527ddc54f19b87b4c39279d96bead8f58a9961e0115d7ff12719b688f12df5

  • SHA512

    714e766e57424c693f24012044b582c681582cc86e65f6b22757baca0613a3f2a3a4d5c7766a8fde57a75fe3614fd21f9259f5ea5b1334064aa6fcd746f87a0a

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\payment copy.exe
    "C:\Users\Admin\AppData\Local\Temp\payment copy.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 664
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1860-55-0x0000000000D60000-0x0000000000D61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1860-57-0x0000000075881000-0x0000000075883000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1860-58-0x0000000004D20000-0x0000000004D21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1860-59-0x00000000003F0000-0x00000000003F6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1860-60-0x0000000004630000-0x0000000004674000-memory.dmp
    Filesize

    272KB

    Download
  • memory/1920-61-0x0000000000000000-mapping.dmp
    Download
  • memory/1920-62-0x00000000001F0000-0x0000000000250000-memory.dmp
    Filesize

    384KB

    Download