Overview

overview

5

Static

static

5

Purchase Order.exe

windows7-x64

5

Purchase Order.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    51s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-06-2024 16:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Purchase Order.exe

  • Size

    1.1MB

  • MD5

    216052c16bf322f2dbe2086605fc534a

  • SHA1

    9c4fe84a99dd4447e5dfef778de416cef45abe5a

  • SHA256

    6db218707e526a2a6eda9f68d36cc3f71c4d720b205df2aca356b68e3a9a5a35

  • SHA512

    ec3104411fa67281484b0f338941f4ac38f198a9d46775826f72ba0e21a49de5efd08d6c21e8a4448a64606f08e42df5946c4f4d84ad1fc7008b868f8325989d

  • SSDEEP

    24576:sAHnh+eWsN3skA4RV1Hom2KXMmHazsL7eRT/cC6MdDVRmUh5:Lh+ZkldoPK8Yazce6C6Mdh4q

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe
    "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\Purchase Order.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 728
      2⤵
      • Program crash
      PID:632
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2972 -ip 2972
    1⤵
      PID:4200

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut42E5.tmp
      Filesize

      266KB

      MD5

      92608c0f8ee6b9cb6c77fab74744ccde

      SHA1

      f08dbed0e57f4716c59e2cdbbf2d2ee2f8799097

      SHA256

      56c19c1bf61b65f6647d07e5675b4929d3d59be0e19a5aefd92c0cd43cba8b22

      SHA512

      e8b7231ec157a7f61c4e126e3b46ff69dd70e98e9b98f84c5971cb8b6174b65e8cac2be4781c4aaa973e2ff39be5b1d082c3f9389ae1aef2f5df2d2f7239a922

      Download Submit

    • memory/2972-12-0x0000000000FE0000-0x0000000000FE4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/4524-13-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/4524-14-0x0000000001600000-0x000000000194A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4524-15-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/4524-16-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download