Overview

overview

10

Static

static

3

Confirmaç...df.exe

windows7-x64

1

Confirmaç...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Confirmação do pedido.pdf.exe

  • Size

    590KB

  • MD5

    2f9e1385a9c419ad70bb121e4250ae0a

  • SHA1

    ee2018b7427e3eccd78683018864043a72d841a9

  • SHA256

    9a565700a3d3c7a802780c0e4ba717b082175fd33b5afc7dcfeb95905b6db784

  • SHA512

    9c7a9d86a29729b1189a027e11c40175928c2c76355678ebaa06a08b42a8b0d6c0e6ba6237d61aa81a8a80e8b9d52b22c877f45dd74a233c720fee10e6419917

  • SSDEEP

    12288:IS4CMwNNFJyvdgH7RPTwerlTuzRjynjSGqaJt2m8:IMFggH7RbweRTuzJsjSGqaJsm8

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe
      "C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe"
      2⤵
        PID:3068
      • C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe
        "C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe"
        2⤵
          PID:3064
        • C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe
          "C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe"
          2⤵
            PID:1644
          • C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe
            "C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe"
            2⤵
              PID:3000
            • C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe
              "C:\Users\Admin\AppData\Local\Temp\Confirmação do pedido.pdf.exe"
              2⤵
                PID:2668

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/952-0-0x0000000000180000-0x000000000021A000-memory.dmp
              Filesize

              616KB

              Download
            • memory/952-1-0x0000000074810000-0x0000000074EFE000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/952-2-0x0000000004370000-0x00000000043B0000-memory.dmp
              Filesize

              256KB

              Download
            • memory/952-3-0x0000000000440000-0x0000000000452000-memory.dmp
              Filesize

              72KB

              Download
            • memory/952-4-0x0000000000460000-0x000000000046C000-memory.dmp
              Filesize

              48KB

              Download
            • memory/952-5-0x0000000004960000-0x00000000049D6000-memory.dmp
              Filesize

              472KB

              Download
            • memory/952-6-0x0000000074810000-0x0000000074EFE000-memory.dmp
              Filesize

              6.9MB

              Download