Overview

overview

7

Static

static

5

VM Accord, ORDER.exe

windows7-x64

7

VM Accord, ORDER.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    156s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VM Accord, ORDER.exe

  • Size

    1.1MB

  • MD5

    3c306eae74d332ae0b65bb6c72119e83

  • SHA1

    68caa2090296981984601d41c6a6bf851c695901

  • SHA256

    c73072d530f242b4cc2b4e121f74f5a48304ef3271da33432b15bb43e8cebd73

  • SHA512

    658bb8fda37c94bb39db2d98bfe1ddd7c83499ef274af5b25c7e21606ab207c052d394560678da98c4344ab398c5360c36aa7af78783741af4f00975e8740d4c

  • SSDEEP

    24576:JAHnh+eWsN3skA4RV1Hom2KXMmHaKQynYdTUrUQU3EI5:Qh+ZkldoPK8YaKcpUrPU3b

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 63 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3240
    • C:\Users\Admin\AppData\Local\Temp\VM Accord, ORDER.exe
      "C:\Users\Admin\AppData\Local\Temp\VM Accord, ORDER.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1140
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\VM Accord, ORDER.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:496
    • C:\Windows\SysWOW64\certreq.exe
      "C:\Windows\SysWOW64\certreq.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:1020
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:232

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut20E1.tmp
      Filesize

      263KB

      MD5

      269bdb9c9c3db9b784e97ca01fbf5dd3

      SHA1

      ab5e0545c82fb2c9167e3819cf8738400a27a320

      SHA256

      7cc6a2e37aabec8c018093e8dd10a7bafec8b6f96009927b7edac8ef3c0268b4

      SHA512

      5630c46256923e3bd22f439de3f156e622b3e8ff2a3785d4b50967d4b73ffb7e0eec56535a8b225ff70fb32602b14df4420a73f2ab5a646a82621062a20a16f7

      Download Submit

    • memory/496-22-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/496-13-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/496-14-0x0000000001700000-0x0000000001A4A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/496-15-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/496-16-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/496-17-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/496-18-0x0000000001540000-0x0000000001561000-memory.dmp

      Filesize

      132KB

      Download

    • memory/496-23-0x0000000001540000-0x0000000001561000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1020-21-0x0000000000A10000-0x0000000000A4F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1020-20-0x0000000000A10000-0x0000000000A4F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1020-24-0x0000000002D90000-0x00000000030DA000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1020-25-0x0000000000A10000-0x0000000000A4F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1020-26-0x0000000002BC0000-0x0000000002C60000-memory.dmp

      Filesize

      640KB

      Download

    • memory/1020-28-0x0000000000A10000-0x0000000000A4F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1020-29-0x0000000002BC0000-0x0000000002C60000-memory.dmp

      Filesize

      640KB

      Download

    • memory/1140-12-0x0000000000C90000-0x0000000000C94000-memory.dmp

      Filesize

      16KB

      Download

    • memory/3240-19-0x000000000D630000-0x000000000EFE5000-memory.dmp

      Filesize

      25.7MB

      Download

    • memory/3240-27-0x000000000D630000-0x000000000EFE5000-memory.dmp

      Filesize

      25.7MB

      Download

    • memory/3240-30-0x0000000008320000-0x0000000008408000-memory.dmp

      Filesize

      928KB

      Download

    • memory/3240-31-0x0000000008320000-0x0000000008408000-memory.dmp

      Filesize

      928KB

      Download