306602e7317841b219d25b24ca14f9e50987fe9c9e48b3728bb548dea4557f9d

General

Target

New FedEx paper work review.exe
Size

792KB
MD5

c359c954a7d104b0a1bde867f86e73a5
SHA1

e647c8aa88a7209463b0dd0daa733759a529806d
SHA256

306602e7317841b219d25b24ca14f9e50987fe9c9e48b3728bb548dea4557f9d
SHA512

8f48d07be0342db4a946b5c74598eb5dbe565bbf0c7ed2a5f6b5ab7b99577f0e8463004f601d0286bcaebf5a673e18e83d9b8f319e5566f28b59e2ebc3a18644

Score

8^/10

Drops file in Drivers directory 1 IoCs

Processes:

New FedEx paper work review.exe

description ioc process

File opened for modification C:\Windows\system32\drivers\etc\hosts New FedEx paper work review.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

New FedEx paper work review.exe

description pid process target process

PID 1676 set thread context of 1624 1676 New FedEx paper work review.exe New FedEx paper work review.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

New FedEx paper work review.exe

pid process

1624 New FedEx paper work review.exe
1624 New FedEx paper work review.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

New FedEx paper work review.exe

description pid process

Token: SeDebugPrivilege 1624 New FedEx paper work review.exe

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	New FedEx paper work review.exe

description	pid	process	target process
PID 1676 set thread context of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe

pid	process
1624	New FedEx paper work review.exe
1624	New FedEx paper work review.exe

description	pid	process
Token: SeDebugPrivilege	1624	New FedEx paper work review.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

New FedEx paper work review.exe

description	pid	process	target process
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe
PID 1676 wrote to memory of 1624	1676	New FedEx paper work review.exe	New FedEx paper work review.exe

memory/1624-7-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1624-8-0x000000000043772E-mapping.dmp

Download
memory/1624-9-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1624-10-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1624-11-0x0000000074110000-0x00000000747FE000-memory.dmp

Filesize
6.9MB

Download
memory/1676-2-0x0000000074110000-0x00000000747FE000-memory.dmp

Filesize
6.9MB

Download
memory/1676-3-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/1676-5-0x00000000001F0000-0x0000000000202000-memory.dmp

Filesize
72KB

Download
memory/1676-6-0x0000000005430000-0x00000000054A5000-memory.dmp

Filesize
468KB

Download