Overview

overview

5

Static

static

1

逾期形�...ad.exe

windows7-x64

5

逾期形�...ad.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2023, 06:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    逾期形式發票-payload.exe

  • Size

    778KB

  • MD5

    90f2f956c4cb4a08203fa9a9320699bd

  • SHA1

    93eb5d9a3f8bf277b9583d420273c62a3ce8cf54

  • SHA256

    ea87677874c1bf9754cf9b13d14d49c3841ac648fa54844f74866334befbbb64

  • SHA512

    1df851d5cc0ae5e5d36bdfffd78a68852fb16ec75724a98c0fa120a59e36b55dc6afdf542c6126854fafc3cfa0acf3950f3f9d2137f49945624702068693e5b3

  • SSDEEP

    24576:wXhP7pbPY9CQRzwGKFV7t4A4OpjrlQ0FCloCa3oJd:wXhP7pbPY9COwG2xt4pOpXlQrRd

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\逾期形式發票-payload.exe
    "C:\Users\Admin\AppData\Local\Temp\逾期形式發票-payload.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:920
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1428

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/920-54-0x0000000000990000-0x0000000000A54000-memory.dmp

          Filesize

          784KB

          Download

        • memory/920-55-0x0000000000340000-0x0000000000346000-memory.dmp

          Filesize

          24KB

          Download

        • memory/920-56-0x0000000000350000-0x0000000000360000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1428-57-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1428-58-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1428-59-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1428-60-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1428-61-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1428-62-0x0000000000950000-0x0000000000C53000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/1428-63-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download