Overview

overview

5

Static

static

3

Purchase O...00.exe

windows7-x64

5

Purchase O...00.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 06:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Purchase Order #98540-00.exe

  • Size

    736KB

  • MD5

    0101d2387c9a81bdad56aa3765e9fa3e

  • SHA1

    56bf8e401286ad8e1164de23bedb3602d082ba61

  • SHA256

    8e4481aa91ac42ef442ad4ebe1ff13b655f7e87e44fbd7d29391856d44f64e47

  • SHA512

    74def4daad78a32fce25c69a5ed40568108d27262c7f1b1170665b225572f58bf65a9be93a7805fdfad6776055e65340e6b1f1c4d496cb44a28a263f6652f88f

  • SSDEEP

    12288:YAGemiaPaGTBfFxsn0uigZ+nAcbhe63TEtcGDRnD1JdDiEEH5pG3utV6A+Syd6AS:YNaGA0FgMAI9NeJDVEHLrtVU6p5iqEL

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Purchase Order #98540-00.exe
    "C:\Users\Admin\AppData\Local\Temp\Purchase Order #98540-00.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
      2⤵
        PID:3064

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2336-0-0x000007FEF54C3000-0x000007FEF54C4000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2336-1-0x0000000000EF0000-0x0000000000FAE000-memory.dmp

      Filesize

      760KB

      Download

    • memory/2336-2-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2336-3-0x0000000000840000-0x000000000085C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/2336-4-0x0000000000800000-0x0000000000814000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2336-5-0x000000001BD20000-0x000000001BDA8000-memory.dmp

      Filesize

      544KB

      Download

    • memory/2336-8-0x000007FEF54C0000-0x000007FEF5EAC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/3064-6-0x000007FFFFFD6000-0x000007FFFFFD7000-memory.dmp

      Filesize

      4KB

      Download