Overview

overview

5

Static

static

3

Revised invoice.exe

windows7-x64

5

Revised invoice.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2023, 09:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Revised invoice.exe

  • Size

    822KB

  • MD5

    740a4d6e95ef8e4b1daf0d6aa58e120b

  • SHA1

    d250f9f9c0745f172ddad67901ddff6898646cee

  • SHA256

    b895af0a401b54528188c54f7ddf3421bed6e79922e8050e04a0c241ee9e5d8c

  • SHA512

    f4ddb40eca7bbf8297c06abdf44d54d2c85bb3998e5e06523090a28db0830c73413b7404124576d079b80b82db21242b5d5d896516c0385c3a5a7fc4df30a7e1

  • SSDEEP

    24576:hUDlWxMiQW/O4ue7kjY4Oa2ZkByJ6xuwn:clYMiQWmS7qY4KOyJ6xuy

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Revised invoice.exe
    "C:\Users\Admin\AppData\Local\Temp\Revised invoice.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:840

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/840-61-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/840-66-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/840-65-0x0000000000970000-0x0000000000C73000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/840-64-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/840-63-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/840-62-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1732-57-0x0000000000AC0000-0x0000000000B00000-memory.dmp

          Filesize

          256KB

          Download

        • memory/1732-60-0x0000000001310000-0x0000000001348000-memory.dmp

          Filesize

          224KB

          Download

        • memory/1732-59-0x00000000051F0000-0x0000000005260000-memory.dmp

          Filesize

          448KB

          Download

        • memory/1732-58-0x00000000009A0000-0x00000000009AC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/1732-54-0x0000000001350000-0x0000000001422000-memory.dmp

          Filesize

          840KB

          Download

        • memory/1732-56-0x0000000000980000-0x0000000000992000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1732-55-0x0000000000AC0000-0x0000000000B00000-memory.dmp

          Filesize

          256KB

          Download