10362025053537c1b8d4403a07d34c97e49a2cdeb688654ae8a83b690ad1422a

Analysis

max time kernel
55s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
22-09-2022 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DHL AWB TRACKING DETAILS.exe
Size

822KB
MD5

2b95282ad138c3c9d1815722efcdf67c
SHA1

bd10ee94b6edd1972028f83dc61ac302c912ca4b
SHA256

10362025053537c1b8d4403a07d34c97e49a2cdeb688654ae8a83b690ad1422a
SHA512

7c051e3602ff064f1a144a3ad3c656c41b93220fec8a2a11c84da7e2c0b3b690d3277a4d9a9aa38185039a260e97c62534b20acc7693d4361198752347b13143
SSDEEP

12288:x1Yyypu5Kcx4VESdndgNJ6l22yYv1gdA2S6SX+VqhcKSrUjuN6L/v9:iu5KcwndK6lByKAMt8qJcN6LX

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

DHL AWB TRACKING DETAILS.exe

pid	process
2016	DHL AWB TRACKING DETAILS.exe
2016	DHL AWB TRACKING DETAILS.exe
2016	DHL AWB TRACKING DETAILS.exe
2016	DHL AWB TRACKING DETAILS.exe
2016	DHL AWB TRACKING DETAILS.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DHL AWB TRACKING DETAILS.exe

description pid process

Token: SeDebugPrivilege 2016 DHL AWB TRACKING DETAILS.exe

description	pid	process
Token: SeDebugPrivilege	2016	DHL AWB TRACKING DETAILS.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

DHL AWB TRACKING DETAILS.exe

description	pid	process	target process
PID 2016 wrote to memory of 1324	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1324	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1324	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1324	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1224	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1224	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1224	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1224	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 852	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 852	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 852	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 852	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 2024	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 2024	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 2024	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 2024	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1540	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1540	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1540	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe
PID 2016 wrote to memory of 1540	2016	DHL AWB TRACKING DETAILS.exe	DHL AWB TRACKING DETAILS.exe

C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2016

C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
2⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
2⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
2⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
2⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe
"C:\Users\Admin\AppData\Local\Temp\DHL AWB TRACKING DETAILS.exe"
2⤵
PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x0000000000100000-0x00000000001D2000-memory.dmp

Filesize
840KB

Download
memory/2016-55-0x0000000075661000-0x0000000075663000-memory.dmp

Filesize
8KB

Download
memory/2016-56-0x00000000003C0000-0x00000000003D4000-memory.dmp

Filesize
80KB

Download
memory/2016-57-0x0000000000410000-0x000000000041C000-memory.dmp

Filesize
48KB

Download
memory/2016-58-0x0000000005670000-0x0000000005704000-memory.dmp

Filesize
592KB

Download
memory/2016-59-0x00000000021A0000-0x00000000021DA000-memory.dmp

Filesize
232KB

Download