Overview

overview

10

Static

static

8

sales payment.scr

windows7_x64

1

sales payment.scr

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    28-01-2022 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sales payment.scr

  • Size

    711KB

  • MD5

    28996f9f1e4b645eed15f6bc8b51d937

  • SHA1

    190bec54bcc632a8d676ff9df2b4bcec455c25fc

  • SHA256

    66b2b5112b9aa05cd1c1d65b09499aecd3798e90af4cb2bfc7844372b4ba6f37

  • SHA512

    63a43eb9e28a869d0af32b745e61f39b429179af988592f98dec6e2175a013a442b4e1f1b21fa5ef378f92e9849c62c4dc7e21f169b745000f2bdc603abe1599

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sales payment.scr
    "C:\Users\Admin\AppData\Local\Temp\sales payment.scr" /S
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\AppData\Local\Temp\sales payment.scr
      "C:\Users\Admin\AppData\Local\Temp\sales payment.scr"
      2⤵
        PID:1452
      • C:\Users\Admin\AppData\Local\Temp\sales payment.scr
        "C:\Users\Admin\AppData\Local\Temp\sales payment.scr"
        2⤵
          PID:1632
        • C:\Users\Admin\AppData\Local\Temp\sales payment.scr
          "C:\Users\Admin\AppData\Local\Temp\sales payment.scr"
          2⤵
            PID:952
          • C:\Users\Admin\AppData\Local\Temp\sales payment.scr
            "C:\Users\Admin\AppData\Local\Temp\sales payment.scr"
            2⤵
              PID:1100
            • C:\Users\Admin\AppData\Local\Temp\sales payment.scr
              "C:\Users\Admin\AppData\Local\Temp\sales payment.scr"
              2⤵
                PID:376
              • C:\Users\Admin\AppData\Local\Temp\sales payment.scr
                "C:\Users\Admin\AppData\Local\Temp\sales payment.scr"
                2⤵
                  PID:660

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/1636-54-0x0000000076421000-0x0000000076423000-memory.dmp
                Filesize

                8KB

                Download