3ef009e7f463f7547633cf58782dc38fe61e38e9e4fcbedf2f70311c6fa0e5a7

General

Target

PROFORMA INVOICE.exe
Size

695KB
MD5

1bff7b7c5fb02011f9916e1a352437d4
SHA1

0fa608826609fc8b0156c3cb16446ede0557051a
SHA256

3ef009e7f463f7547633cf58782dc38fe61e38e9e4fcbedf2f70311c6fa0e5a7
SHA512

a24d1de3971bc5ef7829f53964ba50dcb827684d1f6d8d8e9b9c13a2a76557e4f465d5e1351683206322871bcd62bd370ef27aadbd68cda179b5c370346d556d
SSDEEP

12288:V7C9rvd+GMwgYn//56a+oHesNqOpI7hsJiVIxQ7/xsOGpYXGatL9MnPDrq:V+rvdFMgn/BbeslWhsJiGxQbxsOGWVt9

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 2368 set thread context of 2356	2368	PROFORMA INVOICE.exe	28
PID 2356 set thread context of 1188	2356	RegSvcs.exe	21
PID 2356 set thread context of 3024	2356	RegSvcs.exe	31
PID 3024 set thread context of 1188	3024	iexpress.exe	21

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2368	PROFORMA INVOICE.exe
2368	PROFORMA INVOICE.exe
2356	RegSvcs.exe
2356	RegSvcs.exe
2356	RegSvcs.exe
2356	RegSvcs.exe
2356	RegSvcs.exe
2356	RegSvcs.exe
2356	RegSvcs.exe
2356	RegSvcs.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe
3024	iexpress.exe

Suspicious behavior: MapViewOfSection 5 IoCs

pid	Process
2356	RegSvcs.exe
1188	Explorer.EXE
1188	Explorer.EXE
3024	iexpress.exe
3024	iexpress.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2368	PROFORMA INVOICE.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 2368 wrote to memory of 2356	2368	PROFORMA INVOICE.exe	28
PID 1188 wrote to memory of 3024	1188	Explorer.EXE	31
PID 1188 wrote to memory of 3024	1188	Explorer.EXE	31
PID 1188 wrote to memory of 3024	1188	Explorer.EXE	31
PID 1188 wrote to memory of 3024	1188	Explorer.EXE	31

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Users\Admin\AppData\Local\Temp\PROFORMA INVOICE.exe
  "C:\Users\Admin\AppData\Local\Temp\PROFORMA INVOICE.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:2356
- C:\Windows\SysWOW64\iexpress.exe
  "C:\Windows\SysWOW64\iexpress.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1188-18-0x00000000090C0000-0x000000000B3AC000-memory.dmp

Filesize
34.9MB

Download
memory/1188-26-0x00000000090C0000-0x000000000B3AC000-memory.dmp

Filesize
34.9MB

Download
memory/2356-16-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2356-22-0x0000000000240000-0x000000000025F000-memory.dmp

Filesize
124KB

Download
memory/2356-21-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2356-17-0x0000000000240000-0x000000000025F000-memory.dmp

Filesize
124KB

Download
memory/2356-14-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2356-11-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2356-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2356-8-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2356-7-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2356-15-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2356-13-0x0000000000AC0000-0x0000000000DC3000-memory.dmp

Filesize
3.0MB

Download
memory/2368-6-0x00000000053F0000-0x000000000547A000-memory.dmp

Filesize
552KB

Download
memory/2368-3-0x00000000050A0000-0x0000000005146000-memory.dmp

Filesize
664KB

Download
memory/2368-0-0x00000000746EE000-0x00000000746EF000-memory.dmp

Filesize
4KB

Download
memory/2368-5-0x0000000000360000-0x0000000000370000-memory.dmp

Filesize
64KB

Download
memory/2368-4-0x00000000003A0000-0x00000000003B8000-memory.dmp

Filesize
96KB

Download
memory/2368-1-0x0000000000EE0000-0x0000000000F94000-memory.dmp

Filesize
720KB

Download
memory/2368-2-0x00000000746E0000-0x0000000074DCE000-memory.dmp

Filesize
6.9MB

Download
memory/2368-12-0x00000000746E0000-0x0000000074DCE000-memory.dmp

Filesize
6.9MB

Download
memory/3024-20-0x0000000000080000-0x00000000000BF000-memory.dmp

Filesize
252KB

Download
memory/3024-23-0x0000000001E90000-0x0000000002193000-memory.dmp

Filesize
3.0MB

Download
memory/3024-24-0x0000000000080000-0x00000000000BF000-memory.dmp

Filesize
252KB

Download
memory/3024-25-0x0000000001D00000-0x0000000001D9E000-memory.dmp

Filesize
632KB

Download
memory/3024-19-0x0000000000080000-0x00000000000BF000-memory.dmp

Filesize
252KB

Download
memory/3024-27-0x0000000000080000-0x00000000000BF000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing