Overview

overview

10

Static

static

PURCHASE O...35.exe

windows7_x64

3

PURCHASE O...35.exe

windows10_x64

10

Resubmissions

03-12-2021 02:14

211203-cn3j4adgaj 10

03-12-2021 02:10

211203-clx7ladfer 3

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    03-12-2021 02:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PURCHASE ORDER SEELB435.exe

  • Size

    463KB

  • MD5

    69d915d390d2a49b48a2a06eaa3fba07

  • SHA1

    6d98e1bce382887011d2691d25dc71b05515004d

  • SHA256

    df461f850794a76cdf05708ef171f683e525b2475b1befadc1bccf4571553f6c

  • SHA512

    e5c273d04fdc950a0ea5196948e0fd4c592d92e0c5eb7e60f1c8088180c9dde69f96a7d388999993f8381c9d4fc0f37c316c4178836a2f9d6039b08b03fbee81

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PURCHASE ORDER SEELB435.exe
    "C:\Users\Admin\AppData\Local\Temp\PURCHASE ORDER SEELB435.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 704
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1376-61-0x0000000000000000-mapping.dmp
    Download
  • memory/1376-62-0x0000000000380000-0x0000000000381000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1916-55-0x0000000000340000-0x0000000000341000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1916-57-0x0000000076231000-0x0000000076233000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1916-58-0x0000000004D60000-0x0000000004D61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1916-59-0x00000000002F0000-0x00000000002F8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1916-60-0x0000000004F40000-0x0000000004FA9000-memory.dmp
    Filesize

    420KB

    Download