840c7c4082f868ca58dc61ce2fa6309ffcbc17c81fd82306eb6ea558eeeba7e2

Analysis

max time kernel
52s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/05/2023, 10:20

Target

proof of payment.pdf.exe
Size

559KB
MD5

12a020044ef1ff75bfd860bcee9a3762
SHA1

77008edc365f7a4ad1b1be97c1ad4fc5e96869a5
SHA256

840c7c4082f868ca58dc61ce2fa6309ffcbc17c81fd82306eb6ea558eeeba7e2
SHA512

d7d32aa05253cf106d9d3e9e73c51f29366d7d66a58e1e7bfcd928e5b8ee0f2515fcbedd0ab867646edc891b5fef1a306bc8b399102cb7df808aaf6b269897b1
SSDEEP

6144:GCL+2ACrZFup6K1nS+mtiQTCXOgoX93+Tm7Tv7vnvnmc1pBWRWDSG:F26lLtiGaOg693+Tmnrvmc1pBWMm

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\proof of payment.pdf.exe	proof of payment.pdf.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\proof of payment.pdf.exe	proof of payment.pdf.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1692 set thread context of 432	1692	proof of payment.pdf.exe	28

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
432	proof of payment.pdf.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28
PID 1692 wrote to memory of 432	1692	proof of payment.pdf.exe	28

memory/432-64-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/432-61-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/432-73-0x0000000000460000-0x00000000004A0000-memory.dmp

Filesize
256KB

Download
memory/432-72-0x0000000000460000-0x00000000004A0000-memory.dmp

Filesize
256KB

Download
memory/432-69-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/432-67-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/432-62-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/432-65-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/432-60-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1692-54-0x0000000000B40000-0x0000000000BD2000-memory.dmp

Filesize
584KB

Download
memory/1692-55-0x0000000004DB0000-0x0000000004DF0000-memory.dmp

Filesize
256KB

Download
memory/1692-59-0x0000000000A30000-0x0000000000A3A000-memory.dmp

Filesize
40KB

Download
memory/1692-58-0x0000000004CC0000-0x0000000004D22000-memory.dmp

Filesize
392KB

Download
memory/1692-57-0x0000000004DB0000-0x0000000004DF0000-memory.dmp

Filesize
256KB

Download
memory/1692-56-0x0000000000560000-0x0000000000574000-memory.dmp

Filesize
80KB

Download