1934bdf522d76039b24a8e28c4749d5f2f111b5c4b63af53804fafae495f1864

Analysis

max time kernel
68s
max time network
61s
platform
windows7_x64
resource
win7
submitted
09/07/2020, 07:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Catalogue RMK Trading 0807202-07_PDF.exe
Size

1.1MB
MD5

6a22be01906d153bad9960303f5022b2
SHA1

f695dffdf269f3ae5a72ce713e7930020f60734f
SHA256

1934bdf522d76039b24a8e28c4749d5f2f111b5c4b63af53804fafae495f1864
SHA512

a9a31e65cc03025856130540ec3e1f3bee3d0c885b31fbbea433c92aec5c8b6c9df7674963d51b16242eac9c69eafc262b4a329c93e7ce565c0fd790ed2e58cf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	26
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	26
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	26
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	26
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	27
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	27
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	27
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	27
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	28
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	28
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	28
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	28
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	29
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	29
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	29
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	29
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	30
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	30
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	30
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	30

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	616	Catalogue RMK Trading 0807202-07_PDF.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe

C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:616
- C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
  "{path}"
  2⤵
  PID:1820
- C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
  "{path}"
  2⤵
  PID:1844
- C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
  "{path}"
  2⤵
  PID:1836
- C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
  "{path}"
  2⤵
  PID:1860
- C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
  "{path}"
  2⤵
  PID:1852

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads