de7990d951fc7c70208e47d6f087874d20f07c3992120301ab35cfc25ab2aa0e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PROFORMA FATURA pdf.exe
Size

1.8MB
MD5

00e8ff51aeee836ba8c765d8fddef307
SHA1

fb6ebb2222b4b6a328684ac51795092435ed229e
SHA256

283abbd8b30c201c0c58db11b6245ebff8fff283de873e52442e3df7e373eff1
SHA512

a699858a707af7acf11d0a19896aca7ba3b5e99525566bce4620580666d7f2251a502079e95fa371862bf7d8ea616bc04c01032dcb855e085da211abc0a7b8f6
SSDEEP

24576:Sxis3sVkUc0TznnsGXLDT01+EuVkwaSW+xoiOkcIM1W8M8HU1C:S33sV4MDn3XLDobuCGDodF48J

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Items.vbs	PROFORMA FATURA pdf.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2712	PROFORMA FATURA pdf.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2712	PROFORMA FATURA pdf.exe
Token: SeDebugPrivilege	2712	PROFORMA FATURA pdf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 5204	2712	PROFORMA FATURA pdf.exe	30
PID 2712 wrote to memory of 5204	2712	PROFORMA FATURA pdf.exe	30
PID 2712 wrote to memory of 5204	2712	PROFORMA FATURA pdf.exe	30

C:\Users\Admin\AppData\Local\Temp\PROFORMA FATURA pdf.exe
"C:\Users\Admin\AppData\Local\Temp\PROFORMA FATURA pdf.exe"
1⤵
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2712 -s 592
  2⤵
  PID:5204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2712-0-0x000007FEF5573000-0x000007FEF5574000-memory.dmp

Filesize
4KB

Download
memory/2712-1-0x0000000000E10000-0x0000000000FDA000-memory.dmp

Filesize
1.8MB

Download
memory/2712-2-0x000000001BD90000-0x000000001BE80000-memory.dmp

Filesize
960KB

Download
memory/2712-6-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-4-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-3-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-8-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-10-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-12-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-32-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-42-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-40-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-44-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-30-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-28-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-14-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-18-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-16-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-66-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-64-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-63-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-60-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-58-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-57-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-54-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-52-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-50-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-48-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-46-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-38-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-36-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-34-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-26-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-24-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-22-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-20-0x000000001BD90000-0x000000001BE7A000-memory.dmp

Filesize
936KB

Download
memory/2712-1179-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2712-1182-0x0000000000680000-0x00000000006CC000-memory.dmp

Filesize
304KB

Download
memory/2712-1181-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2712-1180-0x00000000009D0000-0x0000000000A32000-memory.dmp

Filesize
392KB

Download
memory/2712-1183-0x0000000000A30000-0x0000000000A84000-memory.dmp

Filesize
336KB

Download
memory/2712-1186-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2712-1187-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2712-1188-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

Filesize
9.9MB

Download