Overview

overview

10

Static

static

PaymentCon...on.exe

windows7_x64

1

PaymentCon...on.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 00:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PaymentConfirmation.exe

  • Size

    574KB

  • MD5

    2904c3bfa736172932918ccbf91f2d98

  • SHA1

    45331f756bebcd7725963855be38ec8b3611ccd5

  • SHA256

    496b64b591fd2d02597c9f5a4e8570f6a169ae268de8ce463ee00c890a4ad112

  • SHA512

    de2989ba1bd641679d4cbe2683e893bce496841576a5f6313cf689d0c3f69263dc0ed89c76db66a985109b35d33c2dc07d40328a5a63bda3f1563a934356cb33

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe
    "C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe
      "{path}"
      2⤵
        PID:1112
      • C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe
        "{path}"
        2⤵
          PID:1432
        • C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe
          "{path}"
          2⤵
            PID:952
          • C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe
            "{path}"
            2⤵
              PID:1000
            • C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe
              "{path}"
              2⤵
                PID:1108

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2024-54-0x00000000003C0000-0x0000000000456000-memory.dmp

              Filesize

              600KB

              Download

            • memory/2024-55-0x0000000076011000-0x0000000076013000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2024-56-0x0000000001DB0000-0x0000000001DB8000-memory.dmp

              Filesize

              32KB

              Download

            • memory/2024-57-0x0000000004B80000-0x0000000004BF2000-memory.dmp

              Filesize

              456KB

              Download

            • memory/2024-58-0x0000000005CC0000-0x0000000005D16000-memory.dmp

              Filesize

              344KB

              Download