5c26b86c312fe7bb9f36e9da309f7b97f0c47a2b53bf9fd8e4cbaf59082a9db3

Analysis

Target

BL-INV and Packing List.exe
Size

460KB
MD5

52905db0d31cf5ab7876b7b1085988c1
SHA1

56c628100f6c44e8845528bfd8ca641bcc24f180
SHA256

5c26b86c312fe7bb9f36e9da309f7b97f0c47a2b53bf9fd8e4cbaf59082a9db3
SHA512

b305c0330972b5a3ad064c6b90c04972b4489563ccae8c2da37b6b7f2933ce57f7820fc2338974ce9bdc45cd778b6acb2936320621be955daba4d56882cf458d

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1100	BL-INV and Packing List.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1416	1100	BL-INV and Packing List.exe	24
PID 1100 wrote to memory of 1416	1100	BL-INV and Packing List.exe	24
PID 1100 wrote to memory of 1416	1100	BL-INV and Packing List.exe	24
PID 1100 wrote to memory of 1464	1100	BL-INV and Packing List.exe	25
PID 1100 wrote to memory of 1464	1100	BL-INV and Packing List.exe	25
PID 1100 wrote to memory of 1464	1100	BL-INV and Packing List.exe	25
PID 1100 wrote to memory of 1492	1100	BL-INV and Packing List.exe	26
PID 1100 wrote to memory of 1492	1100	BL-INV and Packing List.exe	26
PID 1100 wrote to memory of 1492	1100	BL-INV and Packing List.exe	26
PID 1100 wrote to memory of 1544	1100	BL-INV and Packing List.exe	27
PID 1100 wrote to memory of 1544	1100	BL-INV and Packing List.exe	27
PID 1100 wrote to memory of 1544	1100	BL-INV and Packing List.exe	27
PID 1100 wrote to memory of 272	1100	BL-INV and Packing List.exe	28
PID 1100 wrote to memory of 272	1100	BL-INV and Packing List.exe	28
PID 1100 wrote to memory of 272	1100	BL-INV and Packing List.exe	28

C:\Users\Admin\AppData\Local\Temp\BL-INV and Packing List.exe
"C:\Users\Admin\AppData\Local\Temp\BL-INV and Packing List.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Users\Admin\AppData\Local\Temp\BL-INV and Packing List.exe
  "{path}"
  2⤵
  PID:1416
- C:\Users\Admin\AppData\Local\Temp\BL-INV and Packing List.exe
  "{path}"
  2⤵
  PID:1464
- C:\Users\Admin\AppData\Local\Temp\BL-INV and Packing List.exe
  "{path}"
  2⤵
  PID:1492
- C:\Users\Admin\AppData\Local\Temp\BL-INV and Packing List.exe
  "{path}"
  2⤵
  PID:1544
- C:\Users\Admin\AppData\Local\Temp\BL-INV and Packing List.exe
  "{path}"
  2⤵
  PID:272