Analysis Overview
SHA256
a05acadb64d5923e931a42aecca755b6a160b39f96ec1bff8611cd5116b4c926
Threat Level: Known bad
The file Proforma Invoice.scr.exe was found to be: Known bad.
Malicious Activity Summary
AgentTesla
Agenttesla family
Suspicious use of NtCreateUserProcessOtherParentProcess
Drops startup file
Looks up external IP address via web service
Suspicious use of SetThreadContext
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-31 10:03
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 10:03
Reported
2024-10-31 10:05
Platform
win7-20241010-en
Max time kernel
146s
Max time network
155s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | geocs.mx | udp |
| US | 173.237.185.182:443 | geocs.mx | tcp |
Files
memory/804-0-0x000000007408E000-0x000000007408F000-memory.dmp
memory/804-1-0x00000000012E0000-0x00000000012E8000-memory.dmp
memory/804-2-0x0000000074080000-0x000000007476E000-memory.dmp
memory/804-3-0x000000007408E000-0x000000007408F000-memory.dmp
memory/804-4-0x0000000074080000-0x000000007476E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-31 10:03
Reported
2024-10-31 10:05
Platform
win10v2004-20241007-en
Max time kernel
141s
Max time network
143s
Command Line
Signatures
AgentTesla
Agenttesla family
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 1176 created 3432 | N/A | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | C:\Windows\Explorer.EXE |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EncoderFallback.vbs | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1176 set thread context of 2308 | N/A | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe
"C:\Users\Admin\AppData\Local\Temp\Proforma Invoice.scr.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | geocs.mx | udp |
| US | 173.237.185.182:443 | geocs.mx | tcp |
| US | 8.8.8.8:53 | 182.185.237.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files