29d32b3efe2abe93f6dfb21200504ea1d44111a5ef2be1532d508984276413c0

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2023 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Invoice & SOA ready for dispatch.exe
Size

943KB
MD5

eea9bf4a16ab377328a59bde0a0c76df
SHA1

d6015abe7bd2ac246af5656410c7f7c7dc5f5637
SHA256

fd2ac4af2e4d90f117a8ba49d77cc480f0ad6a8a6cfa7479384d68ce27939f1a
SHA512

ca360f0d3572e09ca8f737af9137dd44ae0e1cdba25065876bc20fbd92463f1dd532d30e1c008af56dbc6f664107f688f9397ce4a7a75af3dc3bb5c1728b6ba5
SSDEEP

24576:6JOiQEUDJiJMHCxRCilWY+G348OYyVDWLr3IFE:6RaFKdLWYjECH3I

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 1004 set thread context of 3432	1004	Invoice & SOA ready for dispatch.exe	101
PID 3432 set thread context of 3320	3432	RegSvcs.exe	58
PID 3432 set thread context of 2608	3432	RegSvcs.exe	109
PID 2608 set thread context of 3320	2608	fontview.exe	58

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\Registry\User\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\Storage2	fontview.exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
1004	Invoice & SOA ready for dispatch.exe
1004	Invoice & SOA ready for dispatch.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
3432	RegSvcs.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3320	Explorer.EXE

Suspicious behavior: MapViewOfSection 7 IoCs

pid	Process
3432	RegSvcs.exe
3320	Explorer.EXE
3320	Explorer.EXE
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe
2608	fontview.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1004	Invoice & SOA ready for dispatch.exe
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3320	Explorer.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 3432	1004	Invoice & SOA ready for dispatch.exe	101
PID 1004 wrote to memory of 3432	1004	Invoice & SOA ready for dispatch.exe	101
PID 1004 wrote to memory of 3432	1004	Invoice & SOA ready for dispatch.exe	101
PID 1004 wrote to memory of 3432	1004	Invoice & SOA ready for dispatch.exe	101
PID 1004 wrote to memory of 3432	1004	Invoice & SOA ready for dispatch.exe	101
PID 1004 wrote to memory of 3432	1004	Invoice & SOA ready for dispatch.exe	101
PID 3320 wrote to memory of 2608	3320	Explorer.EXE	109
PID 3320 wrote to memory of 2608	3320	Explorer.EXE	109
PID 3320 wrote to memory of 2608	3320	Explorer.EXE	109
PID 2608 wrote to memory of 1816	2608	fontview.exe	111
PID 2608 wrote to memory of 1816	2608	fontview.exe	111
PID 2608 wrote to memory of 1816	2608	fontview.exe	111

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Users\Admin\AppData\Local\Temp\Invoice & SOA ready for dispatch.exe
  "C:\Users\Admin\AppData\Local\Temp\Invoice & SOA ready for dispatch.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1004
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:3432
- C:\Windows\SysWOW64\fontview.exe
  "C:\Windows\SysWOW64\fontview.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Program Files\Mozilla Firefox\Firefox.exe
    "C:\Program Files\Mozilla Firefox\Firefox.exe"
    3⤵
    PID:1816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1004-10-0x0000000006C30000-0x0000000006CD2000-memory.dmp

Filesize
648KB

Download
memory/1004-14-0x0000000074D10000-0x00000000754C0000-memory.dmp

Filesize
7.7MB

Download
memory/1004-2-0x0000000005520000-0x0000000005AC4000-memory.dmp

Filesize
5.6MB

Download
memory/1004-3-0x0000000004F70000-0x0000000005002000-memory.dmp

Filesize
584KB

Download
memory/1004-4-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/1004-5-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/1004-6-0x0000000005170000-0x000000000517E000-memory.dmp

Filesize
56KB

Download
memory/1004-8-0x0000000005180000-0x000000000518A000-memory.dmp

Filesize
40KB

Download
memory/1004-9-0x0000000005190000-0x00000000051A0000-memory.dmp

Filesize
64KB

Download
memory/1004-1-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/1004-7-0x0000000074D10000-0x00000000754C0000-memory.dmp

Filesize
7.7MB

Download
memory/1004-11-0x0000000009330000-0x00000000093CC000-memory.dmp

Filesize
624KB

Download
memory/1004-0-0x0000000074D10000-0x00000000754C0000-memory.dmp

Filesize
7.7MB

Download
memory/2608-26-0x00000000001B0000-0x00000000001EA000-memory.dmp

Filesize
232KB

Download
memory/2608-59-0x0000000002130000-0x00000000021D3000-memory.dmp

Filesize
652KB

Download
memory/2608-46-0x00000000001B0000-0x00000000001EA000-memory.dmp

Filesize
232KB

Download
memory/2608-27-0x0000000002130000-0x00000000021D3000-memory.dmp

Filesize
652KB

Download
memory/2608-22-0x00000000001B0000-0x00000000001EA000-memory.dmp

Filesize
232KB

Download
memory/2608-25-0x00000000022A0000-0x00000000025EA000-memory.dmp

Filesize
3.3MB

Download
memory/2608-21-0x00000000001B0000-0x00000000001EA000-memory.dmp

Filesize
232KB

Download
memory/3320-79-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-58-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-106-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-105-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-103-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-102-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-101-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-28-0x0000000002F60000-0x0000000003039000-memory.dmp

Filesize
868KB

Download
memory/3320-29-0x0000000002F60000-0x0000000003039000-memory.dmp

Filesize
868KB

Download
memory/3320-30-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-31-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-33-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-32-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-34-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-35-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-36-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-37-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-38-0x000000000D5B0000-0x000000000EEEE000-memory.dmp

Filesize
25.2MB

Download
memory/3320-39-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-41-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/3320-40-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-42-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-43-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-45-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-44-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/3320-47-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-50-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-49-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-97-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-52-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-53-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-56-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-55-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/3320-57-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-54-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-20-0x000000000D5B0000-0x000000000EEEE000-memory.dmp

Filesize
25.2MB

Download
memory/3320-99-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-61-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-62-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-60-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-63-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download
memory/3320-64-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/3320-66-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/3320-72-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-73-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-75-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-74-0x0000000000EF0000-0x0000000000F00000-memory.dmp

Filesize
64KB

Download
memory/3320-76-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-77-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-98-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3320-78-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-81-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-84-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-83-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-85-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3320-86-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-87-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-88-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-89-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-90-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-92-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-94-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3320-95-0x0000000000EF0000-0x0000000000F00000-memory.dmp

Filesize
64KB

Download
memory/3320-96-0x0000000001120000-0x0000000001130000-memory.dmp

Filesize
64KB

Download
memory/3432-12-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3432-15-0x0000000001590000-0x00000000018DA000-memory.dmp

Filesize
3.3MB

Download
memory/3432-16-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3432-17-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3432-18-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3432-19-0x0000000001510000-0x0000000001534000-memory.dmp

Filesize
144KB

Download
memory/3432-24-0x0000000001510000-0x0000000001534000-memory.dmp

Filesize
144KB

Download
memory/3432-23-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download