5ffa345944786c7b505a3b1b3392560b1b987529c49e11893642c8be816aa313

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Payment Advice16007618765.exe
Size

590KB
MD5

742b63d93401a9af88183725ee503df3
SHA1

ecfb96a3f57aee691a1c80a750518f39a8cbc474
SHA256

5ffa345944786c7b505a3b1b3392560b1b987529c49e11893642c8be816aa313
SHA512

713a629070a15990f1eaa70368bfa891ab3b736060c129ef689ecc8fd3bc5119de7379e71e272cf05d1fa50c73a68edb92a316a0507ee759e91d939d7b4af9b1
SSDEEP

12288:tGL21ILq9J2cWjoIa8JnjoQ/huW2YxUlbODcOYNSddW4Jf5CoXkR:ML21ILq9JrAa8RjDwLYxN4NGNfS

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Payment Advice16007618765.exe

pid	process
2304	Payment Advice16007618765.exe
2304	Payment Advice16007618765.exe
2304	Payment Advice16007618765.exe
2304	Payment Advice16007618765.exe
2304	Payment Advice16007618765.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Payment Advice16007618765.exe

description pid process

Token: SeDebugPrivilege 2304 Payment Advice16007618765.exe

description	pid	process
Token: SeDebugPrivilege	2304	Payment Advice16007618765.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Payment Advice16007618765.exe

description	pid	process	target process
PID 2304 wrote to memory of 2904	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2904	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2904	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2904	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2956	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2956	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2956	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2956	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2476	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2476	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2476	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2476	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2480	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2480	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2480	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2480	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2528	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2528	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2528	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe
PID 2304 wrote to memory of 2528	2304	Payment Advice16007618765.exe	Payment Advice16007618765.exe

C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2304

C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe"
2⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe"
2⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe"
2⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe"
2⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe
"C:\Users\Admin\AppData\Local\Temp\Payment Advice16007618765.exe"
2⤵
PID:2528

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-0-0x0000000000370000-0x0000000000406000-memory.dmp

Filesize
600KB

Download
memory/2304-1-0x0000000074390000-0x0000000074A7E000-memory.dmp

Filesize
6.9MB

Download
memory/2304-2-0x0000000002130000-0x0000000002170000-memory.dmp

Filesize
256KB

Download
memory/2304-3-0x0000000000600000-0x0000000000618000-memory.dmp

Filesize
96KB

Download
memory/2304-4-0x0000000000620000-0x000000000062E000-memory.dmp

Filesize
56KB

Download
memory/2304-5-0x0000000000630000-0x0000000000644000-memory.dmp

Filesize
80KB

Download
memory/2304-6-0x000000000A0C0000-0x000000000A122000-memory.dmp

Filesize
392KB

Download
memory/2304-7-0x0000000074390000-0x0000000074A7E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads