Analysis

  • max time kernel
    4294183s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    12-03-2022 09:48

General

  • Target

    110322Payment Advice.img.exe

  • Size

    249KB

  • MD5

    f3e667cfdaab4b2c48deb58a2bfbb2e7

  • SHA1

    7f6990e35ee10a42563626c9e9a62e1700866c9a

  • SHA256

    bc0de8eda13f83b92b696086e054c0d2fe64cc1186ab36ed84fa58eb8e8c7906

  • SHA512

    d8eda03fa256ed1a3d0b05bf960d282618fa5d6a9cd8cc270969d33a394c83619d6b517e34538381b51b83fe1d1fd266d1efa6d579a9e72c763fa5c2a521d09f

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\110322Payment Advice.img.exe
    "C:\Users\Admin\AppData\Local\Temp\110322Payment Advice.img.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 1128
      2⤵
      • Program crash
      PID:1276

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1644-54-0x0000000073F10000-0x00000000745FE000-memory.dmp
    Filesize

    6.9MB

  • memory/1644-55-0x0000000001130000-0x0000000001168000-memory.dmp
    Filesize

    224KB

  • memory/1644-56-0x0000000074CC1000-0x0000000074CC3000-memory.dmp
    Filesize

    8KB

  • memory/1644-57-0x0000000000330000-0x0000000000331000-memory.dmp
    Filesize

    4KB