6a7659b4614c990d4feba15eeef035d47dcb8f46d92320620205eb6131eaf6a4

General

Target

order no.0118-21.exe
Size

1.1MB
MD5

ea3b95545772a4401f0978721eef7353
SHA1

1828a711a093a3f974a420cf12fa3d67c48bd3a8
SHA256

6a7659b4614c990d4feba15eeef035d47dcb8f46d92320620205eb6131eaf6a4
SHA512

2dc1946ae0113e51c248c7308aa7efc59a6cdea9bb40b17e6bf6b69660095eb64af71f3b3f0ec6657bf800e00938d51b3f53060e9da8065703c22067e0b2c342

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

order no.0118-21.exe

pid process

324 order no.0118-21.exe
324 order no.0118-21.exe
324 order no.0118-21.exe
324 order no.0118-21.exe
324 order no.0118-21.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

order no.0118-21.exe

description pid process

Token: SeDebugPrivilege 324 order no.0118-21.exe

description	pid	process
Token: SeDebugPrivilege	324	order no.0118-21.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

order no.0118-21.exe

description	pid	process	target process
PID 324 wrote to memory of 656	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 656	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 656	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 656	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 268	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 268	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 268	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 268	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 512	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 512	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 512	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 512	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 864	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 864	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 864	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 864	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 1248	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 1248	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 1248	324	order no.0118-21.exe	order no.0118-21.exe
PID 324 wrote to memory of 1248	324	order no.0118-21.exe	order no.0118-21.exe

C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe
"C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe"
2⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe
"C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe"
2⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe
"C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe"
2⤵
PID:512

C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe
"C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe"
2⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe
"C:\Users\Admin\AppData\Local\Temp\order no.0118-21.exe"
2⤵
PID:1248

memory/324-2-0x0000000074DA0000-0x000000007548E000-memory.dmp

Filesize
6.9MB

Download
memory/324-3-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/324-5-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/324-6-0x0000000000690000-0x00000000006A3000-memory.dmp

Filesize
76KB

Download
memory/324-7-0x0000000004BC0000-0x0000000004C70000-memory.dmp

Filesize
704KB

Download