2af6eb96ef34d5a8b894dc7cbba381f4505c6e9495c8206065adc61bd4e0a9f7

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fedex Delivery unknown Pdf.exe
Size

2.4MB
MD5

a2d0bac4f8e4e3bff7439e50e1896f0a
SHA1

69f226ca13da30170c202ef3af2f0f3965e93a9b
SHA256

2af6eb96ef34d5a8b894dc7cbba381f4505c6e9495c8206065adc61bd4e0a9f7
SHA512

a4d8a83b3d4afd7858e090a07400cfed75f7340e22f684cb326cfabf040baa698551ef48b5e23ecffe73b5b5806373048bdc4eb1c60ea376b57f833217bec709
SSDEEP

12288:SlfqOMfexYzOMpLE01oy6VVqg5SYk3t+MtRDyPY+49pCNRrydaTjUyfU:IqOCzOyLh1ozIgVk9dFy8TYydgNc

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2436 set thread context of 1360	2436	Fedex Delivery unknown Pdf.exe	30

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1360	iexplore.exe
1360	iexplore.exe
1360	iexplore.exe
1360	iexplore.exe
1360	iexplore.exe
1360	iexplore.exe
1360	iexplore.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2236	2436	Fedex Delivery unknown Pdf.exe	28
PID 2436 wrote to memory of 2236	2436	Fedex Delivery unknown Pdf.exe	28
PID 2436 wrote to memory of 2236	2436	Fedex Delivery unknown Pdf.exe	28
PID 2436 wrote to memory of 2236	2436	Fedex Delivery unknown Pdf.exe	28
PID 2436 wrote to memory of 2236	2436	Fedex Delivery unknown Pdf.exe	28
PID 2436 wrote to memory of 2128	2436	Fedex Delivery unknown Pdf.exe	29
PID 2436 wrote to memory of 2128	2436	Fedex Delivery unknown Pdf.exe	29
PID 2436 wrote to memory of 2128	2436	Fedex Delivery unknown Pdf.exe	29
PID 2436 wrote to memory of 2128	2436	Fedex Delivery unknown Pdf.exe	29
PID 2436 wrote to memory of 2128	2436	Fedex Delivery unknown Pdf.exe	29
PID 2436 wrote to memory of 2128	2436	Fedex Delivery unknown Pdf.exe	29
PID 2436 wrote to memory of 1360	2436	Fedex Delivery unknown Pdf.exe	30
PID 2436 wrote to memory of 1360	2436	Fedex Delivery unknown Pdf.exe	30
PID 2436 wrote to memory of 1360	2436	Fedex Delivery unknown Pdf.exe	30
PID 2436 wrote to memory of 1360	2436	Fedex Delivery unknown Pdf.exe	30
PID 2436 wrote to memory of 1360	2436	Fedex Delivery unknown Pdf.exe	30
PID 2436 wrote to memory of 1360	2436	Fedex Delivery unknown Pdf.exe	30
PID 2436 wrote to memory of 1360	2436	Fedex Delivery unknown Pdf.exe	30
PID 2436 wrote to memory of 2344	2436	Fedex Delivery unknown Pdf.exe	31
PID 2436 wrote to memory of 2344	2436	Fedex Delivery unknown Pdf.exe	31
PID 2436 wrote to memory of 2344	2436	Fedex Delivery unknown Pdf.exe	31
PID 2436 wrote to memory of 2344	2436	Fedex Delivery unknown Pdf.exe	31

C:\Users\Admin\AppData\Local\Temp\Fedex Delivery unknown Pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Fedex Delivery unknown Pdf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:2236
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
  2⤵
  PID:2128
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1360-12-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2236-4-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2236-7-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2436-0-0x000007FEF5893000-0x000007FEF5894000-memory.dmp

Filesize
4KB

Download
memory/2436-1-0x0000000000D10000-0x0000000000D18000-memory.dmp

Filesize
32KB

Download
memory/2436-2-0x000000001AF40000-0x000000001AFDA000-memory.dmp

Filesize
616KB

Download
memory/2436-3-0x000007FEF5890000-0x000007FEF627C000-memory.dmp

Filesize
9.9MB

Download
memory/2436-13-0x000007FEF5890000-0x000007FEF627C000-memory.dmp

Filesize
9.9MB

Download