Overview

overview

7

Static

static

3

Payroll_2021.bin

windows7_x64

7

Payroll_2021.bin

windows10_x64

7

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    03-12-2021 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payroll_2021.bin

  • Size

    12.2MB

  • MD5

    15518d5c35980b174fa79db41066ddbb

  • SHA1

    c702da0190139cf05639bb4b660c6347f507a574

  • SHA256

    4d045262dbdb511c5771899d51511d8265024fc4d2e897913d3e5766b37cff6a

  • SHA512

    a3d97b7bf07c9786d63eaeaa0bf75194f3f3b8ed2e8991932912aefa7c2ab849e750034cf8b10a77580511494c09567fd3431910700d14386815701c99cd6f55

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
      C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:640
      • C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
        C:\Users\Admin\AppData\Local\Temp\Payroll_2021.bin
        3⤵
        • Loads dropped DLL
        PID:1060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI6402\python310.dll
    MD5

    384349987b60775d6fc3a6d202c3e1bd

    SHA1

    701cb80c55f859ad4a31c53aa744a00d61e467e5

    SHA256

    f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

    SHA512

    6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI6402\python310.dll
    MD5

    384349987b60775d6fc3a6d202c3e1bd

    SHA1

    701cb80c55f859ad4a31c53aa744a00d61e467e5

    SHA256

    f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

    SHA512

    6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

    Download Submit
  • memory/640-55-0x0000000000000000-mapping.dmp
    Download
  • memory/640-56-0x000007FEFBB71000-0x000007FEFBB73000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1060-57-0x0000000000000000-mapping.dmp
    Download