Overview

overview

10

Static

static

Maerskline...ts.exe

windows7_x64

1

Maerskline...ts.exe

windows10-2004_x64

10

Resubmissions

04-07-2022 12:29

220704-ppc22sbcc3 10

04-07-2022 08:28

220704-kc3dysfffl 10

Analysis

  • max time kernel
    53s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    04-07-2022 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Maerskline Shipping Documents.exe

  • Size

    465KB

  • MD5

    773db3dd9028413802e995fddf202f5b

  • SHA1

    d1143329ab61dfac8b2e2e3f234b4416178ad2f0

  • SHA256

    a4bb6e9c41c7d7f5b782355f7fb056f44fe66ad6ebd0d589b7941b8905e219d8

  • SHA512

    abb0b3fac2e2681155e6b08da3dff405793e3294147cb140b8ad7334b921ce482767384cd0eb6a2ddddc7f0042f2413ce46b76a3c634d9b00c7be7946c84f36c

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe
    "C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe
      "C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe"
      2⤵
        PID:1908
      • C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe
        "C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe"
        2⤵
          PID:1096
        • C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe
          "C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe"
          2⤵
            PID:1108
          • C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe
            "C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe"
            2⤵
              PID:1440
            • C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe
              "C:\Users\Admin\AppData\Local\Temp\Maerskline Shipping Documents.exe"
              2⤵
                PID:2000

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1412-54-0x0000000000270000-0x00000000002EA000-memory.dmp
              Filesize

              488KB

              Download
            • memory/1412-55-0x00000000752A1000-0x00000000752A3000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1412-56-0x0000000000440000-0x0000000000456000-memory.dmp
              Filesize

              88KB

              Download
            • memory/1412-57-0x0000000000480000-0x000000000048A000-memory.dmp
              Filesize

              40KB

              Download
            • memory/1412-58-0x0000000007D80000-0x0000000007DE8000-memory.dmp
              Filesize

              416KB

              Download
            • memory/1412-59-0x0000000000700000-0x0000000000720000-memory.dmp
              Filesize

              128KB

              Download