Analysis

  • max time kernel: 119s
  • max time network: 119s
  • platform: windows7_x64
  • resource: win7-en-20211104
  • submitted: 03-12-2021 09:47

General

  • Target: Due Invoice.exe
  • Size: 361KB
  • MD5: fee89edf9ce8a64002427441586b9398
  • SHA1: 59af280c214554fb9f15e3d6c3be307db897d27b
  • SHA256: 16ddf0f2279fcf3c7a73602d8d4d54c61b8685028b04b90663947bef4b784698
  • SHA512: 8deba7d7cf85568ca8565aeb9d04b7f6f6e2340cef7f2ce09c07ca40189ca24c513a79424d647cde4ca497b6ad5c3579010e3d193aac5a8f2f6388efc7d85201

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Due Invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\Due Invoice.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 664
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1892

Network

MITRE ATT&CK Matrix

Downloads

  • memory/320-55-0x0000000000BA0000-0x0000000000BA1000-memory.dmp (Filesize: 4KB)
  • memory/320-57-0x0000000076A21000-0x0000000076A23000-memory.dmp (Filesize: 8KB)
  • memory/320-58-0x0000000004DF0000-0x0000000004DF1000-memory.dmp (Filesize: 4KB)
  • memory/320-59-0x0000000000490000-0x0000000000498000-memory.dmp (Filesize: 32KB)
  • memory/320-60-0x00000000042C0000-0x000000000430B000-memory.dmp (Filesize: 300KB)
  • memory/1892-61-0x0000000000000000-mapping.dmp
  • memory/1892-62-0x0000000000250000-0x0000000000251000-memory.dmp (Filesize: 4KB)