Overview

overview

10

Static

static

Anti Marki...ts.exe

windows7_x64

10

Anti Marki...ts.exe

windows10-2004_x64

5

Analysis

  • max time kernel
    134s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 00:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anti Markietng Purchase Order Sheets.exe

  • Size

    1.0MB

  • MD5

    879f8158a062005bd3976a45233f8c69

  • SHA1

    d6c3f71339d930006117125c007e2ea199e221f6

  • SHA256

    3f97dfbae448b3eb28d6f08f666029037d890dc94dbce0e372b4dd2a63fd037f

  • SHA512

    306f0f81cc26e2108ab1270be6eb9f1842539079ea174e471a0019b97078df54f257e735cde6d2e076373473d4612bf5f0835e00a963da7b0999fceb216931d9

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Anti Markietng Purchase Order Sheets.exe
    "C:\Users\Admin\AppData\Local\Temp\Anti Markietng Purchase Order Sheets.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Users\Admin\AppData\Local\Temp\Anti Markietng Purchase Order Sheets.exe
      "{path}"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4392
      • C:\Windows\SysWOW64\cmd.exe
        "cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\Anti Markietng Purchase Order Sheets.exe' & exit
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\Anti Markietng Purchase Order Sheets.exe'
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Anti Markietng Purchase Order Sheets.exe.log
    Filesize

    507B

    MD5

    8cf94b5356be60247d331660005941ec

    SHA1

    fdedb361f40f22cb6a086c808fc0056d4e421131

    SHA256

    52a5b2d36f2b72cb02c695cf7ef46444dda73d4ea82a73e0894c805fa9987bc0

    SHA512

    b886dfc8bf03f8627f051fb6e2ac40ae2e7713584695a365728eb2e2c87217830029aa35bd129c642fa03dde3f7a7dd5690b16248676be60a6bb5f497fb23651

    Download Submit
  • memory/1740-131-0x0000000005EE0000-0x0000000006484000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/1740-132-0x0000000005AD0000-0x0000000005B62000-memory.dmp
    Filesize

    584KB

    Download
  • memory/1740-133-0x0000000005C10000-0x0000000005CAC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/1740-130-0x0000000000C20000-0x0000000000D2C000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2572-137-0x0000000000000000-mapping.dmp
    Download
  • memory/4392-134-0x0000000000000000-mapping.dmp
    Download
  • memory/4392-136-0x0000000005680000-0x00000000056E6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4392-135-0x0000000000400000-0x000000000049A000-memory.dmp
    Filesize

    616KB

    Download
  • memory/4420-139-0x0000000000000000-mapping.dmp
    Download
  • memory/4420-140-0x0000000002550000-0x0000000002586000-memory.dmp
    Filesize

    216KB

    Download
  • memory/4420-141-0x0000000004F50000-0x0000000005578000-memory.dmp
    Filesize

    6.2MB

    Download
  • memory/4420-142-0x0000000004E80000-0x0000000004EA2000-memory.dmp
    Filesize

    136KB

    Download
  • memory/4420-143-0x00000000055F0000-0x0000000005656000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4420-144-0x0000000005E10000-0x0000000005E2E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/4420-145-0x0000000007470000-0x0000000007AEA000-memory.dmp
    Filesize

    6.5MB

    Download
  • memory/4420-146-0x00000000062F0000-0x000000000630A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4420-147-0x0000000006E90000-0x0000000006F26000-memory.dmp
    Filesize

    600KB

    Download
  • memory/4420-148-0x0000000006410000-0x0000000006432000-memory.dmp
    Filesize

    136KB

    Download