Analysis
max time kernel: 40s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 21-05-2022 12:13
Static task: static1
Behavioral task: behavioral1
  Sample: Al-Mansoor _Quote_Order CAYAN LISTS14_PDF.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Al-Mansoor _Quote_Order CAYAN LISTS14_PDF.exe
  Resource: win10v2004-20220414-en
General
Target: Al-Mansoor _Quote_Order CAYAN LISTS14_PDF.exe
Size: 935KB
MD5: 5445d45c4c5055033ab93973240c2e14
SHA1: e8fd33792d1ed321f8acf05c52ca79f29b60dc59
SHA256: 565d56fb2be1977b8189a0d31222abb99e72d84d777b4253f63bca44ce0535d7
SHA512: 35bc3c9de1b84e0b02a6dd1d5e8d34a6b6ddf4b45b5fcf0260bb7bbb5abf8a980ae1a00486363480976afa708e5f46a5babdaf5838fdd2dc8de1dd8922132075
Malware Config
Signatures
CoreEntity .NET Packer (1 IoC)
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
Processes:
  resource: behavioral1/memory/644-56-0x00000000009A0000-0x00000000009A8000-memory.dmp
  yara_rule: coreentity
ReZer0 packer (1 IoC)
Detects ReZer0, a packer with multiple versions used in various campaigns.
Processes:
  resource: behavioral1/memory/644-57-0x00000000075A0000-0x0000000007650000-memory.dmp
  yara_rule: rezer0
Downloads
memory/644-54-0x0000000000C10000-0x0000000000D00000-memory.dmp
  Filesize: 960KB
memory/644-55-0x0000000075BF1000-0x0000000075BF3000-memory.dmp
  Filesize: 8KB
memory/644-56-0x00000000009A0000-0x00000000009A8000-memory.dmp
  Filesize: 32KB
memory/644-57-0x00000000075A0000-0x0000000007650000-memory.dmp
  Filesize: 704KB