Overview

overview

10

Static

static

Purchase Order.exe

windows7_x64

10

Purchase Order.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Purchase Order.exe

  • Size

    489KB

  • MD5

    e2617fc4c82436c96092b5b812bfa8ad

  • SHA1

    9337e67fb93d8fec2c64f08156389ae313297faa

  • SHA256

    777724ddfa6e73aca46c52991e3805ac1fabee9359fa362d9e084f4d2461fa04

  • SHA512

    96708fde6622ba1d27e349c116c25cea047123cd0d2c3d9e152a81d1c36e5048a9bb478917c13aea174d77ae68447b4634d253b284dcaaa6e37c5443fd4cd5e1

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
    "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4120-130-0x0000000000220000-0x00000000002A0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/4120-131-0x00000000052D0000-0x0000000005874000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4120-132-0x0000000004C50000-0x0000000004CE2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4120-133-0x0000000004D00000-0x0000000004D0A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4120-134-0x0000000004FB0000-0x000000000504C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4120-135-0x0000000005250000-0x00000000052B6000-memory.dmp

    Filesize

    408KB

    Download