Analysis
max time kernel: 28s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 21-05-2022 12:13
Static task: static1
Behavioral task: behavioral1
Sample: PO_INV90.exe
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
General
Target: PO_INV90.exe
Size: 366KB
MD5: 0918ec31c64c03a628951b52d6f8fb10
SHA1: 21c87c032464ffeb5c73dfc7899da4a16a8a4ff0
SHA256: adb1948d6b4d965ee35ea8107b1128a9075d3548b61a72cfb35d0893d1f4ffaf
SHA512: 7a049054b8ec57c90ea749c96c4a9f0bc5ac69fbac8516453df58cebdc95261e9bd80f4b00c66f13c87fbc6a8397870a83d4063bdf47b07465744152df38feb3
Score: 6/10
Malware Config
Signatures
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
PO_INV90.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\Run\SvUSL = "C:\\AUVQQRRF\\SvUSLK\\SvUSLKHCG.vbs" | PO_INV90.exe
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
Processes:
PO_INV90.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | PO_INV90.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 | PO_INV90.exe