Overview

overview

10

Static

static

PO_INV90.exe

windows7_x64

6

PO_INV90.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    28s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO_INV90.exe

  • Size

    366KB

  • MD5

    0918ec31c64c03a628951b52d6f8fb10

  • SHA1

    21c87c032464ffeb5c73dfc7899da4a16a8a4ff0

  • SHA256

    adb1948d6b4d965ee35ea8107b1128a9075d3548b61a72cfb35d0893d1f4ffaf

  • SHA512

    7a049054b8ec57c90ea749c96c4a9f0bc5ac69fbac8516453df58cebdc95261e9bd80f4b00c66f13c87fbc6a8397870a83d4063bdf47b07465744152df38feb3

Score
6/10
persistence

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO_INV90.exe
    "C:\Users\Admin\AppData\Local\Temp\PO_INV90.exe"
    1⤵
    • Adds Run key to start application
    • Maps connected drives based on registry
    PID:1664

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1664-54-0x0000000000DB0000-0x0000000000E12000-memory.dmp
    Filesize

    392KB

    Download
  • memory/1664-55-0x00000000004A0000-0x00000000004E2000-memory.dmp
    Filesize

    264KB

    Download
  • memory/1664-56-0x0000000000280000-0x0000000000283000-memory.dmp
    Filesize

    12KB

    Download