Analysis
max time kernel: 76s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 21-05-2022 11:41
Static task: static1

Behavioral task: behavioral1
Sample: List of our purchase order.exe
Resource: win7-20220414-en, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: List of our purchase order.exe
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures, 0 seconds
General
Target: List of our purchase order.exe
Size: 1.1MB
MD5: 94c591351a9f0c0e8c61ee32b1e4bed8
SHA1: 37c19b86622d1a9725a87c288af816aadda575a2
SHA256: 017f433a49afcc765c5a5e7f39de6251fbe37d9c98f7d86f1abcefb1a9f559bc
SHA512: 1b768f633f2d748a59a967f767eec9300e467163fc907b65c4b520c538bfeb89b7f957a566b365bce813ef9d47eb6e1372e3451b4527a62e37e9dcd30f4c0241
Score: 6/10
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: List of our purchase order.exe
  description | pid | process | target process
  PID 4908 wrote to memory of 4628 | 4908 | List of our purchase order.exe | ieinstal.exe
  PID 4908 wrote to memory of 4628 | 4908 | List of our purchase order.exe | ieinstal.exe
  PID 4908 wrote to memory of 4628 | 4908 | List of our purchase order.exe | ieinstal.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\List of our purchase order.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\List of our purchase order.exe"
  - Suspicious use of WriteProcessMemory
- C:\Program Files (x86)\internet explorer\ieinstal.exe
  Command line: "C:\Program Files (x86)\internet explorer\ieinstal.exe"
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/4628-130-0x0000000000000000-mapping.dmp