64414bcde682d419e1b429c0ceafaefb3dbc8764c019bf0d770d8c0eee907692

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe
Size

155KB
MD5

0e2159397288f21642263788b1f71af2
SHA1

6d2254324ab799fbd904341897a40aa7566557d0
SHA256

64414bcde682d419e1b429c0ceafaefb3dbc8764c019bf0d770d8c0eee907692
SHA512

4c083266a88cefa5b684978f6e2bbff08e418fb5e55c18a1d725aeee4b62f30b3339d65b56cd2fe3497aa9af3c81300fc9e11ea8ec55e51a42a25450b66df874
SSDEEP

3072:bqO/BCbH6oVAJtoAfNr9BM7Zg01urVeWq3:OiUb/qxVr9qle4

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Qvcialov.vbs	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3976 set thread context of 440	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe	87

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe
440	MSBuild.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe
Token: SeDebugPrivilege	440	MSBuild.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 440	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe	87
PID 3976 wrote to memory of 440	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe	87
PID 3976 wrote to memory of 440	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe	87
PID 3976 wrote to memory of 440	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe	87
PID 3976 wrote to memory of 440	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe	87
PID 3976 wrote to memory of 440	3976	MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe	87

C:\Users\Admin\AppData\Local\Temp\MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe
"C:\Users\Admin\AppData\Local\Temp\MVS Engineering Pvt. Ltd Purchase Order 17th August 2023 pdf.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/440-1222-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/440-1225-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/440-1224-0x0000000001140000-0x000000000148A000-memory.dmp

Filesize
3.3MB

Download
memory/3976-170-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-176-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-138-0x0000000005AA0000-0x0000000005AAA000-memory.dmp

Filesize
40KB

Download
memory/3976-139-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-140-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-142-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-144-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-146-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-148-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-150-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-152-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-154-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-156-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-158-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-160-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-162-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-164-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-174-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-168-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-133-0x0000000000F10000-0x0000000000F3E000-memory.dmp

Filesize
184KB

Download
memory/3976-137-0x0000000005880000-0x0000000005890000-memory.dmp

Filesize
64KB

Download
memory/3976-172-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-166-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-178-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-180-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-182-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-184-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-186-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-190-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-188-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-192-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-194-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-196-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-198-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-200-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-202-0x0000000008420000-0x00000000084FF000-memory.dmp

Filesize
892KB

Download
memory/3976-951-0x0000000074570000-0x0000000074D20000-memory.dmp

Filesize
7.7MB

Download
memory/3976-1217-0x0000000007860000-0x0000000007861000-memory.dmp

Filesize
4KB

Download
memory/3976-1216-0x0000000005880000-0x0000000005890000-memory.dmp

Filesize
64KB

Download
memory/3976-136-0x00000000058F0000-0x0000000005982000-memory.dmp

Filesize
584KB

Download
memory/3976-1223-0x0000000074570000-0x0000000074D20000-memory.dmp

Filesize
7.7MB

Download
memory/3976-135-0x0000000005DA0000-0x0000000006344000-memory.dmp

Filesize
5.6MB

Download
memory/3976-134-0x0000000074570000-0x0000000074D20000-memory.dmp

Filesize
7.7MB

Download