beaee29c11566ce99ec0fb9ddbb2e1df84530ea5b6f88cb099f63bbb0da5c7b8

Analysis

max time kernel
6s
max time network
16s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Drawing files .pdf.exe
Size

749KB
MD5

b32780e2e8099d43091f515bdf341ad8
SHA1

0e461abf59e7812839b0ff6f986bfcb6658bf384
SHA256

beaee29c11566ce99ec0fb9ddbb2e1df84530ea5b6f88cb099f63bbb0da5c7b8
SHA512

a6c9ee0cdc4723bb4b4c0fdaa0288ef83dec69f24123bc72bb7e3e5733e41d55d2a95ab308e645c0af474e3b535ce51100ead5fccf18c5461c69e9e2e7664f8b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Drawing files .pdf.exe

pid process

1808 Drawing files .pdf.exe
1808 Drawing files .pdf.exe
1808 Drawing files .pdf.exe
1808 Drawing files .pdf.exe
1808 Drawing files .pdf.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Drawing files .pdf.exe

description pid process

Token: SeDebugPrivilege 1808 Drawing files .pdf.exe

pid	process
1808	Drawing files .pdf.exe
1808	Drawing files .pdf.exe
1808	Drawing files .pdf.exe
1808	Drawing files .pdf.exe
1808	Drawing files .pdf.exe

description	pid	process
Token: SeDebugPrivilege	1808	Drawing files .pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Drawing files .pdf.exe

description	pid	process	target process
PID 1808 wrote to memory of 1216	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1216	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1216	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1216	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1228	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1228	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1228	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1228	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1352	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1352	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1352	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1352	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1332	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1332	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1332	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1332	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1348	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1348	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1348	1808	Drawing files .pdf.exe	Drawing files .pdf.exe
PID 1808 wrote to memory of 1348	1808	Drawing files .pdf.exe	Drawing files .pdf.exe

C:\Users\Admin\AppData\Local\Temp\Drawing files .pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Drawing files .pdf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1808

C:\Users\Admin\AppData\Local\Temp\Drawing files .pdf.exe
"{path}"
2⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Drawing files .pdf.exe
"{path}"
2⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Drawing files .pdf.exe
"{path}"
2⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Drawing files .pdf.exe
"{path}"
2⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Drawing files .pdf.exe
"{path}"
2⤵
PID:1348

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads