c101bc6ce098c1531987543175771b755ebe79616497c5114ef510571c5f3d32

General

Target

DHL_AWB#6078538091.exe
Size

743KB
MD5

2685c5b3d73fe94a815a84c1dd5813ef
SHA1

edf893ff59c3437e942fd8cd40c9381ef536dbf2
SHA256

27769f4bb96d0e605bdc282658c6a729e4ceb8447cd9e1f9880c69862258e66f
SHA512

a989d2198b0a9d8bddff535bd821c124b347cbdb0a2ffb91ce76b9d91a4847e38ffd2a58300e53366004628729d5ac9d9dfc10539ae6808ab6c3d26877e6fc65
SSDEEP

12288:X4nWcI58atfrHsfjGrfrtofP/l1rkxNVOIiB3bow5404ni0C0eb:X4Y5JDsfjStMn3rkxNo+w5/4+0

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 4 IoCs

Processes:

DHL_AWB#6078538091.exeDHL_AWB#6078538091.exedvdplay.exe

description	pid	process	target process
PID 2252 set thread context of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 1396 set thread context of 1208	1396	DHL_AWB#6078538091.exe	Explorer.EXE
PID 1396 set thread context of 2688	1396	DHL_AWB#6078538091.exe	dvdplay.exe
PID 2688 set thread context of 1208	2688	dvdplay.exe	Explorer.EXE

Suspicious behavior: EnumeratesProcesses 35 IoCs

Processes:

DHL_AWB#6078538091.exeDHL_AWB#6078538091.exedvdplay.exe

pid	process
2252	DHL_AWB#6078538091.exe
2252	DHL_AWB#6078538091.exe
2252	DHL_AWB#6078538091.exe
2252	DHL_AWB#6078538091.exe
2252	DHL_AWB#6078538091.exe
2252	DHL_AWB#6078538091.exe
2252	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
1396	DHL_AWB#6078538091.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe
2688	dvdplay.exe

Suspicious behavior: MapViewOfSection 5 IoCs

Processes:

DHL_AWB#6078538091.exeExplorer.EXEdvdplay.exe

pid process

1396 DHL_AWB#6078538091.exe
1208 Explorer.EXE
1208 Explorer.EXE
2688 dvdplay.exe
2688 dvdplay.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DHL_AWB#6078538091.exe

description pid process

Token: SeDebugPrivilege 2252 DHL_AWB#6078538091.exe

pid	process
1396	DHL_AWB#6078538091.exe
1208	Explorer.EXE
1208	Explorer.EXE
2688	dvdplay.exe
2688	dvdplay.exe

description	pid	process
Token: SeDebugPrivilege	2252	DHL_AWB#6078538091.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

DHL_AWB#6078538091.exeExplorer.EXE

description	pid	process	target process
PID 2252 wrote to memory of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 2252 wrote to memory of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 2252 wrote to memory of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 2252 wrote to memory of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 2252 wrote to memory of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 2252 wrote to memory of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 2252 wrote to memory of 1396	2252	DHL_AWB#6078538091.exe	DHL_AWB#6078538091.exe
PID 1208 wrote to memory of 2688	1208	Explorer.EXE	dvdplay.exe
PID 1208 wrote to memory of 2688	1208	Explorer.EXE	dvdplay.exe
PID 1208 wrote to memory of 2688	1208	Explorer.EXE	dvdplay.exe
PID 1208 wrote to memory of 2688	1208	Explorer.EXE	dvdplay.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1208

C:\Users\Admin\AppData\Local\Temp\DHL_AWB#6078538091.exe
"C:\Users\Admin\AppData\Local\Temp\DHL_AWB#6078538091.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2252

C:\Users\Admin\AppData\Local\Temp\DHL_AWB#6078538091.exe
"C:\Users\Admin\AppData\Local\Temp\DHL_AWB#6078538091.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:1396

C:\Windows\SysWOW64\dvdplay.exe
"C:\Windows\SysWOW64\dvdplay.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2688

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1208-21-0x0000000008AD0000-0x000000000A63C000-memory.dmp

Filesize
27.4MB

Download
memory/1208-29-0x0000000008AD0000-0x000000000A63C000-memory.dmp

Filesize
27.4MB

Download
memory/1208-20-0x0000000002D30000-0x0000000002E30000-memory.dmp

Filesize
1024KB

Download
memory/1396-24-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1396-15-0x0000000000820000-0x0000000000B23000-memory.dmp

Filesize
3.0MB

Download
memory/1396-19-0x00000000002A0000-0x00000000002C3000-memory.dmp

Filesize
140KB

Download
memory/1396-25-0x00000000002A0000-0x00000000002C3000-memory.dmp

Filesize
140KB

Download
memory/1396-18-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1396-17-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1396-9-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1396-10-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1396-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1396-13-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1396-16-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2252-7-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-3-0x0000000000430000-0x0000000000448000-memory.dmp

Filesize
96KB

Download
memory/2252-8-0x0000000004D80000-0x0000000004DC0000-memory.dmp

Filesize
256KB

Download
memory/2252-0-0x0000000000C90000-0x0000000000D50000-memory.dmp

Filesize
768KB

Download
memory/2252-6-0x0000000004FE0000-0x0000000005060000-memory.dmp

Filesize
512KB

Download
memory/2252-5-0x00000000004E0000-0x00000000004EC000-memory.dmp

Filesize
48KB

Download
memory/2252-4-0x0000000000280000-0x0000000000288000-memory.dmp

Filesize
32KB

Download
memory/2252-1-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download
memory/2252-2-0x0000000004D80000-0x0000000004DC0000-memory.dmp

Filesize
256KB

Download
memory/2252-14-0x0000000074A60000-0x000000007514E000-memory.dmp

Filesize
6.9MB

Download
memory/2688-23-0x0000000000150000-0x000000000018C000-memory.dmp

Filesize
240KB

Download
memory/2688-26-0x0000000000900000-0x0000000000C03000-memory.dmp

Filesize
3.0MB

Download
memory/2688-27-0x0000000000150000-0x000000000018C000-memory.dmp

Filesize
240KB

Download
memory/2688-28-0x0000000000530000-0x00000000005D2000-memory.dmp

Filesize
648KB

Download
memory/2688-22-0x0000000000150000-0x000000000018C000-memory.dmp

Filesize
240KB

Download
memory/2688-30-0x0000000000150000-0x000000000018C000-memory.dmp

Filesize
240KB

Download
memory/2688-31-0x0000000000530000-0x00000000005D2000-memory.dmp

Filesize
648KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads