99c1b2c7ec27b36fbc1978048266d739f8efc003af325fd9a00d0399d7d16b48

General

Target

ORGANICUP ApS.exe
Size

641KB
MD5

d99f154e6358b247baf32a58b1d6f595
SHA1

0e53adf45cb616182c55c6e35ba68efe55aeaa9f
SHA256

99c1b2c7ec27b36fbc1978048266d739f8efc003af325fd9a00d0399d7d16b48
SHA512

4514bae3b7340357f91f501ec72a94d04d4d868385fe20fdc6da2bc2a3bc1366423db9afd459c8d5185431fb02b8639ecc4210d6345867f741215ec17406bb56

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 8 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

description	pid	process	target process
PID 2024 set thread context of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 set thread context of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2004 set thread context of 336	2004	ORGANICUP ApS.exe	explorer.exe
PID 580 set thread context of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1068 set thread context of 1512	1068	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1512 set thread context of 1604	1512	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1604 set thread context of 1720	1604	ORGANICUP ApS.exe	explorer.exe
PID 1328 set thread context of 1680	1328	ORGANICUP ApS.exe	ORGANICUP ApS.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

pid process

1932 ORGANICUP ApS.exe
1512 ORGANICUP ApS.exe
1328 ORGANICUP ApS.exe
1328 ORGANICUP ApS.exe
1328 ORGANICUP ApS.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exe

pid process

2004 ORGANICUP ApS.exe
1604 ORGANICUP ApS.exe

pid	process
1932	ORGANICUP ApS.exe
1512	ORGANICUP ApS.exe
1328	ORGANICUP ApS.exe
1328	ORGANICUP ApS.exe
1328	ORGANICUP ApS.exe

pid	process
2004	ORGANICUP ApS.exe
1604	ORGANICUP ApS.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

description	pid	process
Token: SeDebugPrivilege	2024	ORGANICUP ApS.exe
Token: SeDebugPrivilege	580	ORGANICUP ApS.exe
Token: SeDebugPrivilege	1068	ORGANICUP ApS.exe
Token: SeDebugPrivilege	1328	ORGANICUP ApS.exe

Suspicious use of WriteProcessMemory 141 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

description	pid	process	target process
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2024 wrote to memory of 1932	2024	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 2004	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2004 wrote to memory of 336	2004	ORGANICUP ApS.exe	explorer.exe
PID 2004 wrote to memory of 336	2004	ORGANICUP ApS.exe	explorer.exe
PID 2004 wrote to memory of 336	2004	ORGANICUP ApS.exe	explorer.exe
PID 2004 wrote to memory of 336	2004	ORGANICUP ApS.exe	explorer.exe
PID 1932 wrote to memory of 580	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 580	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 580	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 580	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 580	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 580	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1932 wrote to memory of 580	1932	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 580 wrote to memory of 1464	580	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1464 wrote to memory of 1068	1464	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1464 wrote to memory of 1068	1464	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1464 wrote to memory of 1068	1464	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1464 wrote to memory of 1068	1464	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1464 wrote to memory of 1068	1464	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1464 wrote to memory of 1068	1464	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1464 wrote to memory of 1068	1464	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1068 wrote to memory of 1512	1068	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1068 wrote to memory of 1512	1068	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1068 wrote to memory of 1512	1068	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 1068 wrote to memory of 1512	1068	ORGANICUP ApS.exe	ORGANICUP ApS.exe

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
  "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
    "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\SysWOW64\explorer.exe"
      4⤵
      PID:336
- - C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
    "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
      "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        5⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        6⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        7⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:1604
        
        C:\Windows\SysWOW64\explorer.exe
        
        "C:\Windows\SysWOW64\explorer.exe"
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        7⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        8⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
        9⤵
        
        PID:408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/336-22-0x0000000000082E90-mapping.dmp

Download
memory/336-11-0x0000000000080000-0x000000000008F000-memory.dmp

Filesize
60KB

Download
memory/408-60-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/408-59-0x0000000000000000-mapping.dmp

Download
memory/580-17-0x0000000000000000-mapping.dmp

Download
memory/580-19-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/580-18-0x0000000073500000-0x0000000073BEE000-memory.dmp

Filesize
6.9MB

Download
memory/1068-30-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/1068-29-0x0000000000000000-mapping.dmp

Download
memory/1328-48-0x0000000073500000-0x0000000073BEE000-memory.dmp

Filesize
6.9MB

Download
memory/1328-47-0x0000000000000000-mapping.dmp

Download
memory/1464-27-0x00000000004068F7-mapping.dmp

Download
memory/1512-43-0x00000000027D0000-0x00000000027E1000-memory.dmp

Filesize
68KB

Download
memory/1512-37-0x00000000004068F7-mapping.dmp

Download
memory/1512-42-0x00000000023C0000-0x00000000023D1000-memory.dmp

Filesize
68KB

Download
memory/1604-52-0x0000000000180000-0x000000000018F000-memory.dmp

Filesize
60KB

Download
memory/1604-40-0x0000000000403500-mapping.dmp

Download
memory/1680-57-0x00000000004068F7-mapping.dmp

Download
memory/1720-51-0x0000000000082E90-mapping.dmp

Download
memory/1720-41-0x0000000000080000-0x000000000008F000-memory.dmp

Filesize
60KB

Download
memory/1932-15-0x0000000002150000-0x0000000002161000-memory.dmp

Filesize
68KB

Download
memory/1932-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1932-8-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1932-7-0x00000000004068F7-mapping.dmp

Download
memory/1932-13-0x0000000002560000-0x0000000002571000-memory.dmp

Filesize
68KB

Download
memory/1932-12-0x0000000002150000-0x0000000002161000-memory.dmp

Filesize
68KB

Download
memory/2004-10-0x0000000000403500-mapping.dmp

Download
memory/2004-9-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2024-4-0x00000000047F0000-0x000000000483A000-memory.dmp

Filesize
296KB

Download
memory/2024-5-0x00000000007E0000-0x00000000007F6000-memory.dmp

Filesize
88KB

Download
memory/2024-0-0x0000000074230000-0x000000007491E000-memory.dmp

Filesize
6.9MB

Download
memory/2024-3-0x0000000001F50000-0x0000000001FE4000-memory.dmp

Filesize
592KB

Download
memory/2024-1-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads