Overview

overview

7

Static

static

3

po1261Temp...-2.exe

windows7-x64

7

po1261Temp...-2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16/06/2023, 17:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    po1261Template of Invoice packing list3-2.exe

  • Size

    812KB

  • MD5

    2116c6988adf5127efda7c5b983d163f

  • SHA1

    8e5e2b6aefed9bb6d90f185feea18cd962ce5049

  • SHA256

    0b7841ea5b8040d0a636dfb94f374666baec80ee31307dc156c947b287d8f1cc

  • SHA512

    41adf03b6d6b5dc5cb97d6c26ead593e251830dad6219fe0b31b1b409be97595bc7a3f9fcd2a961152476af0b95214744b067a2590e19cfeac863887dd114d8e

  • SSDEEP

    12288:klKnuTEXqXdVEzLHHYsoRuEyfW5rcfr0iVyoF1o/YPZqEJzIHDnaK:xq4qXdVUeRDr8r0VoTMYsR7aK

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\po1261Template of Invoice packing list3-2.exe
    "C:\Users\Admin\AppData\Local\Temp\po1261Template of Invoice packing list3-2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\po1261Template of Invoice packing list3-2.exe
      "C:\Users\Admin\AppData\Local\Temp\po1261Template of Invoice packing list3-2.exe"
      2⤵
      • Checks computer location settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1476

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1476-61-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1476-66-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1476-65-0x0000000000A20000-0x0000000000D23000-memory.dmp

          Filesize

          3.0MB

          Download

        • memory/1476-64-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1476-63-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1476-62-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/2044-57-0x0000000004A60000-0x0000000004AA0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2044-60-0x0000000000D50000-0x0000000000D88000-memory.dmp

          Filesize

          224KB

          Download

        • memory/2044-59-0x0000000005700000-0x0000000005770000-memory.dmp

          Filesize

          448KB

          Download

        • memory/2044-58-0x0000000000480000-0x000000000048C000-memory.dmp

          Filesize

          48KB

          Download

        • memory/2044-54-0x0000000001050000-0x000000000111E000-memory.dmp

          Filesize

          824KB

          Download

        • memory/2044-56-0x0000000004A60000-0x0000000004AA0000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2044-55-0x0000000000460000-0x000000000046C000-memory.dmp

          Filesize

          48KB

          Download