Analysis

  • max time kernel
    126s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 01:07

General

  • Target

    payment slip.exe

  • Size

    1.3MB

  • MD5

    89caacf3b4c7850f58e13b22c1abf425

  • SHA1

    612fa3a9c39e7740026ae6685708bec6a170a442

  • SHA256

    060f6e4baa9b2ac462805c173f9bec5927321333ae978c91d4de3bd0da6b415d

  • SHA512

    3b6d5b46ba51764e29fc063742e8871262dd5ba01e726a1864db2ee3768f726a8f12955b24408a8203250eeecff7a45e98d482e811674120b71a2259cbbf4cd0

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLXI0mlORaXRY6n4u0uUTTzPVbSG/oe:f3v+7/5QLSf6610uUfpbD/L

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\payment slip.exe
    "C:\Users\Admin\AppData\Local\Temp\payment slip.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3388
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\payment slip.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4428
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4008,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=1044 /prefetch:8
    1⤵
      PID:3140

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3388-2-0x00000000043C0000-0x00000000047C0000-memory.dmp

      Filesize

      4.0MB

    • memory/4428-3-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

    • memory/4428-4-0x0000000001900000-0x0000000001C4A000-memory.dmp

      Filesize

      3.3MB

    • memory/4428-5-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

    • memory/4428-6-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB