Overview

overview

10

Static

static

Payment Ad...df.exe

windows7_x64

3

Payment Ad...df.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    130s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19-01-2022 12:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payment Advice.pdf.exe

  • Size

    370KB

  • MD5

    5cda0b468d4136fb19e1f79c258acbb9

  • SHA1

    0cb7a1174cf5d5a7089c8ed585c5e670974b9048

  • SHA256

    fa5511f4b07ca39be9b04bee49a2b103cf827a207d316d4d41bad9cede43c9bc

  • SHA512

    e05c563a4caf8aa1def8febbe0042cd97b8b08ff2c6a69215610b321fb77132f6f9f6d804cba0d2cc060e7d81789d379475b03b107087555f717809f51784f44

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payment Advice.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Payment Advice.pdf.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1516 -s 1044
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/576-56-0x000007FEFB611000-0x000007FEFB613000-memory.dmp
    Filesize

    8KB

    Download
  • memory/576-57-0x0000000001B40000-0x0000000001B41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1516-54-0x000000013F8C0000-0x000000013F920000-memory.dmp
    Filesize

    384KB

    Download
  • memory/1516-55-0x000000001C1A0000-0x000000001C1A2000-memory.dmp
    Filesize

    8KB

    Download