f04ace87c55691161603b413725e8a4a6e8035260678e7d0b3b39b51d8c23cc4

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21-08-2023 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

payment.exe
Size

747KB
MD5

5a9bce6908490be3729050df12be32b9
SHA1

a9e5db1d42349eada2198a2c8cef15babe338bb2
SHA256

f04ace87c55691161603b413725e8a4a6e8035260678e7d0b3b39b51d8c23cc4
SHA512

864427973f23054b2e4f7e6efa1a0b0b4b727c89f9b27465799448ffd79953ab0bb357fdb503c4608caac415613f4a1bd501518be1ba5c3d68aa1ff58b1818f3
SSDEEP

12288:CMsVh3mHgDWA0WHQiLHyP40wI8AzR6HT9XWZQp5Jrc1MPUkFDLn1h5ZjNl0b:CmHU3bHrK40wI1CT9B5Jg1MFVLnDD

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2624 set thread context of 2888	2624	payment.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2512	2888	WerFault.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2624	payment.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2624 wrote to memory of 2888	2624	payment.exe	28
PID 2888 wrote to memory of 2512	2888	payment.exe	29
PID 2888 wrote to memory of 2512	2888	payment.exe	29
PID 2888 wrote to memory of 2512	2888	payment.exe	29
PID 2888 wrote to memory of 2512	2888	payment.exe	29

C:\Users\Admin\AppData\Local\Temp\payment.exe
"C:\Users\Admin\AppData\Local\Temp\payment.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\payment.exe
  "C:\Users\Admin\AppData\Local\Temp\payment.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 544
    3⤵
    - Program crash
    PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2624-93-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-57-0x00000000007F0000-0x000000000081A000-memory.dmp

Filesize
168KB

Download
memory/2624-55-0x0000000004BA0000-0x0000000004C5E000-memory.dmp

Filesize
760KB

Download
memory/2624-87-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-56-0x0000000000DF0000-0x0000000000E30000-memory.dmp

Filesize
256KB

Download
memory/2624-58-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-59-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-61-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-63-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-65-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-89-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-69-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-54-0x00000000741F0000-0x00000000748DE000-memory.dmp

Filesize
6.9MB

Download
memory/2624-73-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-77-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-75-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-81-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-79-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-85-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-83-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-67-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-53-0x0000000000E60000-0x0000000000F22000-memory.dmp

Filesize
776KB

Download
memory/2624-71-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-91-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-97-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-95-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-99-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-101-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-105-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-103-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-107-0x00000000007F0000-0x0000000000813000-memory.dmp

Filesize
140KB

Download
memory/2624-108-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2624-118-0x00000000741F0000-0x00000000748DE000-memory.dmp

Filesize
6.9MB

Download
memory/2888-110-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2888-111-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2888-112-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2888-113-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2888-115-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2888-109-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2888-117-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2888-120-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2888-121-0x0000000073B00000-0x00000000741EE000-memory.dmp

Filesize
6.9MB

Download
memory/2888-122-0x0000000073B00000-0x00000000741EE000-memory.dmp

Filesize
6.9MB

Download
memory/2888-123-0x0000000073B00000-0x00000000741EE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads