Analysis

  • max time kernel: 119s
  • max time network: 123s
  • platform: windows7_x64
  • resource: win7-en-20211014
  • submitted: 02-12-2021 08:54

General

  • Target: TNT Receipt_AWB87993766478.exe
  • Size: 403KB
  • MD5: 36ed13b511e448619ce8ee5d4e8942c0
  • SHA1: 1cea63be94a4924620772c65ffc1d8f0522cf6e1
  • SHA256: cf62df26ae345d82c6fda70f630da7e4525db99463fcb2fa69a26d5d8a926275
  • SHA512: 478d3ac710a809bffcf1fcfde1abe4792ffb013fee820767703fb365ae4166b293b0e78d43b2188246cbf2bb53840b93aff17df487baf8612e2dba9c7496d2dc

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TNT Receipt_AWB87993766478.exe
    "C:\Users\Admin\AppData\Local\Temp\TNT Receipt_AWB87993766478.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 664
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1756

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1628-55-0x0000000000B60000-0x0000000000B61000-memory.dmp (Filesize: 4KB)
  • memory/1628-57-0x00000000757E1000-0x00000000757E3000-memory.dmp (Filesize: 8KB)
  • memory/1628-58-0x00000000003F0000-0x00000000003F1000-memory.dmp (Filesize: 4KB)
  • memory/1628-59-0x00000000003D0000-0x00000000003D8000-memory.dmp (Filesize: 32KB)
  • memory/1628-60-0x0000000004D80000-0x0000000004DC4000-memory.dmp (Filesize: 272KB)
  • memory/1756-61-0x0000000000000000-mapping.dmp
  • memory/1756-62-0x0000000000430000-0x0000000000431000-memory.dmp (Filesize: 4KB)