99c1b2c7ec27b36fbc1978048266d739f8efc003af325fd9a00d0399d7d16b48

General

Target

ORGANICUP ApS.exe
Size

641KB
MD5

d99f154e6358b247baf32a58b1d6f595
SHA1

0e53adf45cb616182c55c6e35ba68efe55aeaa9f
SHA256

99c1b2c7ec27b36fbc1978048266d739f8efc003af325fd9a00d0399d7d16b48
SHA512

4514bae3b7340357f91f501ec72a94d04d4d868385fe20fdc6da2bc2a3bc1366423db9afd459c8d5185431fb02b8639ecc4210d6345867f741215ec17406bb56

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 10 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

description	pid	process	target process
PID 500 set thread context of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 set thread context of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 196 set thread context of 1320	196	ORGANICUP ApS.exe	explorer.exe
PID 3844 set thread context of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 set thread context of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 set thread context of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 716 set thread context of 2844	716	ORGANICUP ApS.exe	explorer.exe
PID 3928 set thread context of 3880	3928	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3880 set thread context of 3692	3880	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3692 set thread context of 2136	3692	ORGANICUP ApS.exe	explorer.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

pid	process
3380	ORGANICUP ApS.exe
3380	ORGANICUP ApS.exe
3988	ORGANICUP ApS.exe
3988	ORGANICUP ApS.exe
3928	ORGANICUP ApS.exe
3928	ORGANICUP ApS.exe
3880	ORGANICUP ApS.exe
3880	ORGANICUP ApS.exe

Suspicious behavior: MapViewOfSection 3 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

pid process

196 ORGANICUP ApS.exe
716 ORGANICUP ApS.exe
3692 ORGANICUP ApS.exe

pid	process
196	ORGANICUP ApS.exe
716	ORGANICUP ApS.exe
3692	ORGANICUP ApS.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

description	pid	process
Token: SeDebugPrivilege	500	ORGANICUP ApS.exe
Token: SeDebugPrivilege	3844	ORGANICUP ApS.exe
Token: SeDebugPrivilege	2080	ORGANICUP ApS.exe
Token: SeDebugPrivilege	3928	ORGANICUP ApS.exe

Suspicious use of WriteProcessMemory 94 IoCs

Processes:

ORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exeORGANICUP ApS.exe

description	pid	process	target process
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 500 wrote to memory of 3380	500	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 196	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 196 wrote to memory of 1320	196	ORGANICUP ApS.exe	explorer.exe
PID 196 wrote to memory of 1320	196	ORGANICUP ApS.exe	explorer.exe
PID 196 wrote to memory of 1320	196	ORGANICUP ApS.exe	explorer.exe
PID 3380 wrote to memory of 3844	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 3844	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3380 wrote to memory of 3844	3380	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3844 wrote to memory of 4064	3844	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 4064 wrote to memory of 2080	4064	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 4064 wrote to memory of 2080	4064	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 4064 wrote to memory of 2080	4064	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 2080 wrote to memory of 3988	2080	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 716	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 716 wrote to memory of 2844	716	ORGANICUP ApS.exe	explorer.exe
PID 716 wrote to memory of 2844	716	ORGANICUP ApS.exe	explorer.exe
PID 716 wrote to memory of 2844	716	ORGANICUP ApS.exe	explorer.exe
PID 3988 wrote to memory of 3928	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe
PID 3988 wrote to memory of 3928	3988	ORGANICUP ApS.exe	ORGANICUP ApS.exe

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:500

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3380

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:196

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
4⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3844

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:4064

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
5⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2080

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3988

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:716

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3928

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
8⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
8⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:3880

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
PID:3692

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
10⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe
"C:\Users\Admin\AppData\Local\Temp\ORGANICUP ApS.exe"
9⤵
PID:424

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORGANICUP ApS.exe.log
MD5
605f809fab8c19729d39d075f7ffdb53

SHA1
c546f877c9bd53563174a90312a8337fdfc5fdd9

SHA256
6904d540649e76c55f99530b81be17e099184bb4cad415aa9b9b39cc3677f556

SHA512
82cc12c3186ae23884b8d5c104638c8206272c4389ade56b926dfc1d437b03888159b3c790b188b54d277a262e731927e703e680ea642e1417faee27443fd5b3

Download Submit
memory/196-9-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/196-10-0x0000000000403500-mapping.dmp

Download
memory/424-60-0x00000000731E0000-0x00000000738CE000-memory.dmp

Filesize
6.9MB

Download
memory/424-59-0x0000000000000000-mapping.dmp

Download
memory/500-1-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/500-3-0x0000000004A90000-0x0000000004B24000-memory.dmp

Filesize
592KB

Download
memory/500-4-0x0000000004E20000-0x0000000004E6A000-memory.dmp

Filesize
296KB

Download
memory/500-5-0x0000000002500000-0x0000000002516000-memory.dmp

Filesize
88KB

Download
memory/500-0-0x0000000073560000-0x0000000073C4E000-memory.dmp

Filesize
6.9MB

Download
memory/716-47-0x0000000000FF0000-0x0000000000FFF000-memory.dmp

Filesize
60KB

Download
memory/716-38-0x0000000000403500-mapping.dmp

Download
memory/1320-11-0x0000000000310000-0x000000000031F000-memory.dmp

Filesize
60KB

Download
memory/1320-20-0x0000000000312E90-mapping.dmp

Download
memory/2080-27-0x0000000000000000-mapping.dmp

Download
memory/2080-28-0x0000000073600000-0x0000000073CEE000-memory.dmp

Filesize
6.9MB

Download
memory/2136-64-0x00000000012B2E90-mapping.dmp

Download
memory/2136-56-0x00000000012B0000-0x00000000012BF000-memory.dmp

Filesize
60KB

Download
memory/2844-39-0x00000000008D0000-0x00000000008DF000-memory.dmp

Filesize
60KB

Download
memory/2844-46-0x00000000008D2E90-mapping.dmp

Download
memory/3380-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3380-7-0x00000000004068F7-mapping.dmp

Download
memory/3380-12-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/3380-13-0x0000000003F30000-0x0000000003F31000-memory.dmp

Filesize
4KB

Download
memory/3380-8-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3692-55-0x0000000000403500-mapping.dmp

Download
memory/3844-16-0x00000000731E0000-0x00000000738CE000-memory.dmp

Filesize
6.9MB

Download
memory/3844-14-0x0000000000000000-mapping.dmp

Download
memory/3880-52-0x00000000004068F7-mapping.dmp

Download
memory/3880-53-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3880-57-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/3880-58-0x0000000003E50000-0x0000000003E51000-memory.dmp

Filesize
4KB

Download
memory/3928-43-0x00000000731E0000-0x00000000738CE000-memory.dmp

Filesize
6.9MB

Download
memory/3928-42-0x0000000000000000-mapping.dmp

Download
memory/3988-41-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/3988-40-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/3988-36-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3988-35-0x00000000004068F7-mapping.dmp

Download
memory/4064-26-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4064-25-0x00000000004068F7-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads