e54d51089e6919d089bb8822aa217cb52c091e02e226ac77f44d1d3c6b00f30c

General

Target

Purchase Order Sample.exe
Size

1.1MB
MD5

62cab4e17234f2f9845bf22b71e39613
SHA1

e2ea503f6a6207c9fb3380a3e8533966616330f0
SHA256

f38a6d59735df60c2612686710b66c44a0042b7df2fe97e048fc6e480ce4848c
SHA512

5f5089905544946fd65efae11a5355ef62e868b5bacae13f08615d38f7c3bb673788610c6026b0e4d645a359d39447bbcba03510a11e731c54876eb18d147e4a

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Purchase Order Sample.exe

pid	process
1648	Purchase Order Sample.exe
1648	Purchase Order Sample.exe
1648	Purchase Order Sample.exe
1648	Purchase Order Sample.exe
1648	Purchase Order Sample.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Purchase Order Sample.exe

description pid process

Token: SeDebugPrivilege 1648 Purchase Order Sample.exe

description	pid	process
Token: SeDebugPrivilege	1648	Purchase Order Sample.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Purchase Order Sample.exe

description	pid	process	target process
PID 1648 wrote to memory of 836	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 836	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 836	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 836	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1736	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1736	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1736	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1736	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1712	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1712	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1712	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 1712	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2032	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2032	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2032	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2032	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2040	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2040	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2040	1648	Purchase Order Sample.exe	Purchase Order Sample.exe
PID 1648 wrote to memory of 2040	1648	Purchase Order Sample.exe	Purchase Order Sample.exe

C:\Users\Admin\AppData\Local\Temp\Purchase Order Sample.exe
"C:\Users\Admin\AppData\Local\Temp\Purchase Order Sample.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\Temp\Purchase Order Sample.exe
"{path}"
2⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Purchase Order Sample.exe
"{path}"
2⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Purchase Order Sample.exe
"{path}"
2⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Purchase Order Sample.exe
"{path}"
2⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Purchase Order Sample.exe
"{path}"
2⤵
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-54-0x0000000000310000-0x0000000000424000-memory.dmp

Filesize
1.1MB

Download
memory/1648-55-0x0000000000580000-0x000000000058A000-memory.dmp

Filesize
40KB

Download
memory/1648-56-0x0000000004E70000-0x0000000004F12000-memory.dmp

Filesize
648KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads