652f9518aa94446cc7260a972710f444a84de3f9a63674320f259e2c5f24ef6a

Analysis

Target

TT copy.pdf.exe
Size

205KB
MD5

f903efb1787dab2ca31c708d9507f495
SHA1

fa4772d0bb983e27d86f9160b848f167ce09f5e3
SHA256

652f9518aa94446cc7260a972710f444a84de3f9a63674320f259e2c5f24ef6a
SHA512

a4008691e31309c8b833499fce141038cec1010738763b6ffc9030ea28cd1a8b10ef693494f7937c14af9a457a8c9c22a598a505dc9a40bb6f1016e673c5c8f6

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

TT copy.pdf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

TT copy.pdf.exe

description pid process

Token: SeDebugPrivilege 1892 TT copy.pdf.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

TT copy.pdf.exe

pid process

1892 TT copy.pdf.exe
1892 TT copy.pdf.exe

description	pid	process
Token: SeDebugPrivilege	1892	TT copy.pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

TT copy.pdf.exe

description	pid	process	target process
PID 1892 wrote to memory of 1092	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1092	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1092	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1092	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1860	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1860	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1860	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1860	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1648	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1648	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1648	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1648	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1100	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1100	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1100	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1100	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1592	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1592	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1592	1892	TT copy.pdf.exe	TT copy.pdf.exe
PID 1892 wrote to memory of 1592	1892	TT copy.pdf.exe	TT copy.pdf.exe

memory/1564-107-0x000007FEF63D0000-0x000007FEF664A000-memory.dmp

Filesize
2.5MB

Download