Overview

overview

10

Static

static

10

Debit_Invoice.exe

windows7_x64

3

Debit_Invoice.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    33s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    14/06/2022, 07:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Debit_Invoice.exe

  • Size

    1.5MB

  • MD5

    8a045b880ead4d0ac9b9709fad3547b6

  • SHA1

    2a1fd9cdf9c35a40aa73af46b6dd345a2903dfac

  • SHA256

    0d3bfc388f1c5a6e131c708b80ad8cd43ed45c96bb0893f95f986ad4f7a29bb7

  • SHA512

    78593283f031102b59160170c0ae2500e3201824e3731b977e8400e1c4d1ddfa771b8bc64dc8a37fd5c3225132091de6a87d30d217428244944520d3f10d9082

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Debit_Invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\Debit_Invoice.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:1688

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1612-56-0x00000000763E1000-0x00000000763E3000-memory.dmp

      Filesize

      8KB

      Download