9966abd2f2239c4ab9ef470ba0a76c3546645666976c45d7294214d283510140

Analysis

max time kernel
49s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16-04-2023 11:42

Target

Purchase Order.exe
Size

1.3MB
MD5

293fdf1a86054e7f7ea5468093a32619
SHA1

556f35a6bc2f99c18eac6efc24772bcaea2c4dc7
SHA256

9966abd2f2239c4ab9ef470ba0a76c3546645666976c45d7294214d283510140
SHA512

dd89c55471e4573b14bc8b15fd5f268bc03f6c47d127bb3a07f70b3ff7ecf6c43f86eae13a2bf70d15baf9df2de198cbb5a18b287dff08027a7dbbb51d6d94df
SSDEEP

24576:dlDz26SjmWjOMnxBZL/gBDTOihq+6yYAJOxyaLYJydD4noK1kY2OdGJ306n2r6L:bDcmWKMx7L/oHOihz6y9JOx2Ig162OL

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1536	Purchase Order.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1152	1536	Purchase Order.exe	27
PID 1536 wrote to memory of 1152	1536	Purchase Order.exe	27
PID 1536 wrote to memory of 1152	1536	Purchase Order.exe	27
PID 1536 wrote to memory of 1152	1536	Purchase Order.exe	27
PID 1536 wrote to memory of 1660	1536	Purchase Order.exe	28
PID 1536 wrote to memory of 1660	1536	Purchase Order.exe	28
PID 1536 wrote to memory of 1660	1536	Purchase Order.exe	28
PID 1536 wrote to memory of 1660	1536	Purchase Order.exe	28
PID 1536 wrote to memory of 520	1536	Purchase Order.exe	29
PID 1536 wrote to memory of 520	1536	Purchase Order.exe	29
PID 1536 wrote to memory of 520	1536	Purchase Order.exe	29
PID 1536 wrote to memory of 520	1536	Purchase Order.exe	29
PID 1536 wrote to memory of 468	1536	Purchase Order.exe	30
PID 1536 wrote to memory of 468	1536	Purchase Order.exe	30
PID 1536 wrote to memory of 468	1536	Purchase Order.exe	30
PID 1536 wrote to memory of 468	1536	Purchase Order.exe	30
PID 1536 wrote to memory of 696	1536	Purchase Order.exe	31
PID 1536 wrote to memory of 696	1536	Purchase Order.exe	31
PID 1536 wrote to memory of 696	1536	Purchase Order.exe	31
PID 1536 wrote to memory of 696	1536	Purchase Order.exe	31

C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
"C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
  2⤵
  PID:1152
- C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
  2⤵
  PID:1660
- C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
  2⤵
  PID:520
- C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
  2⤵
  PID:468
- C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
  2⤵
  PID:696

memory/1536-54-0x0000000000010000-0x000000000016A000-memory.dmp

Filesize
1.4MB

Download
memory/1536-55-0x0000000002010000-0x0000000002050000-memory.dmp

Filesize
256KB

Download
memory/1536-56-0x0000000000520000-0x000000000052C000-memory.dmp

Filesize
48KB

Download
memory/1536-57-0x0000000002010000-0x0000000002050000-memory.dmp

Filesize
256KB

Download
memory/1536-58-0x0000000000540000-0x000000000054C000-memory.dmp

Filesize
48KB

Download
memory/1536-59-0x0000000005A70000-0x0000000005BA8000-memory.dmp

Filesize
1.2MB

Download
memory/1536-60-0x0000000005E30000-0x0000000005FE0000-memory.dmp

Filesize
1.7MB

Download