Overview

overview

10

Static

static

List of ou...er.exe

windows7_x64

10

List of ou...er.exe

windows10-2004_x64

6

Analysis

  • max time kernel
    76s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    List of our purchase order.exe

  • Size

    1.1MB

  • MD5

    94c591351a9f0c0e8c61ee32b1e4bed8

  • SHA1

    37c19b86622d1a9725a87c288af816aadda575a2

  • SHA256

    017f433a49afcc765c5a5e7f39de6251fbe37d9c98f7d86f1abcefb1a9f559bc

  • SHA512

    1b768f633f2d748a59a967f767eec9300e467163fc907b65c4b520c538bfeb89b7f957a566b365bce813ef9d47eb6e1372e3451b4527a62e37e9dcd30f4c0241

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\List of our purchase order.exe
    "C:\Users\Admin\AppData\Local\Temp\List of our purchase order.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Program Files (x86)\internet explorer\ieinstal.exe
      "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      2⤵
        PID:4628

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4628-130-0x0000000000000000-mapping.dmp
      Download