1934bdf522d76039b24a8e28c4749d5f2f111b5c4b63af53804fafae495f1864

General

Target

Catalogue RMK Trading 0807202-07_PDF.exe
Size

1.1MB
MD5

6a22be01906d153bad9960303f5022b2
SHA1

f695dffdf269f3ae5a72ce713e7930020f60734f
SHA256

1934bdf522d76039b24a8e28c4749d5f2f111b5c4b63af53804fafae495f1864
SHA512

a9a31e65cc03025856130540ec3e1f3bee3d0c885b31fbbea433c92aec5c8b6c9df7674963d51b16242eac9c69eafc262b4a329c93e7ce565c0fd790ed2e58cf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Catalogue RMK Trading 0807202-07_PDF.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Catalogue RMK Trading 0807202-07_PDF.exe

description pid process

Token: SeDebugPrivilege 616 Catalogue RMK Trading 0807202-07_PDF.exe

description	pid	process
Token: SeDebugPrivilege	616	Catalogue RMK Trading 0807202-07_PDF.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Catalogue RMK Trading 0807202-07_PDF.exe

pid	process
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe
616	Catalogue RMK Trading 0807202-07_PDF.exe

C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:616

C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
"{path}"
2⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
"{path}"
2⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
"{path}"
2⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
"{path}"
2⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Catalogue RMK Trading 0807202-07_PDF.exe
"{path}"
2⤵
PID:1852

description	pid	process	target process
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1820	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1844	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1836	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1860	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe
PID 616 wrote to memory of 1852	616	Catalogue RMK Trading 0807202-07_PDF.exe	Catalogue RMK Trading 0807202-07_PDF.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads