657dab1428ceaa0a3e6621c65fecbb63cc6d6adba6910d0ee4e9c74a36ae2a50 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05/08/2023, 23:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Invoice_RFVAB.exe
Size

80.0MB
MD5

e32db25c27dd1a1c463e2b5232ec5bdf
SHA1

94816bd6371ebefaa13895de8c0c5a19abd7c04a
SHA256

657dab1428ceaa0a3e6621c65fecbb63cc6d6adba6910d0ee4e9c74a36ae2a50
SHA512

4a13cf766d2bba34e399e097d8683f7b617a4c9118ae63f2fe210d518e343e2af96be47f2f01a035ec1bcb66e33bbc851738b2b96c9102ac4c45ab9b9c640e0c
SSDEEP

6144:iBSF9r5RIG+nrLo/WV1UELdAGzPWeLBIWQEpAWj:ieLTGLo/a1UELdzPL+Sp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2248	2580	Invoice_RFVAB.exe	29
PID 2580 wrote to memory of 2248	2580	Invoice_RFVAB.exe	29
PID 2580 wrote to memory of 2248	2580	Invoice_RFVAB.exe	29

C:\Users\Admin\AppData\Local\Temp\Invoice_RFVAB.exe
"C:\Users\Admin\AppData\Local\Temp\Invoice_RFVAB.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\system32\notepad.exe
  notepad.exe
  2⤵
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads