2a451883bcabf318c2d3acc4b2259716c744a76cda9a68b5798dfc157f94e8cb

General

Target

originalcopy2021_pdf.exe
Size

845KB
MD5

96038a49c8581a2e6c32b9f87c781c68
SHA1

3a9a2ceceafd02a16c5e76674007973b8d34a71a
SHA256

2a451883bcabf318c2d3acc4b2259716c744a76cda9a68b5798dfc157f94e8cb
SHA512

ce2eaa5f871ab0ce7f72493e9df1c4feccd994bca46fef3b6fdfd7e34531a729e64e725159de905854414eaa739dafce10355abbfd2b3bf3266cedd824e731bc

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

originalcopy2021_pdf.exe

pid	process
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe
644	originalcopy2021_pdf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

originalcopy2021_pdf.exe

description pid process

Token: SeDebugPrivilege 644 originalcopy2021_pdf.exe

description	pid	process
Token: SeDebugPrivilege	644	originalcopy2021_pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

originalcopy2021_pdf.exe

description	pid	process	target process
PID 644 wrote to memory of 1572	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 1572	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 1572	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 1572	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 476	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 476	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 476	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 476	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 916	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 916	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 916	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 916	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 792	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 792	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 792	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 792	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 1812	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 1812	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 1812	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe
PID 644 wrote to memory of 1812	644	originalcopy2021_pdf.exe	originalcopy2021_pdf.exe

C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:644

C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe"
2⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe"
2⤵
PID:476

C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe"
2⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe"
2⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\originalcopy2021_pdf.exe"
2⤵
PID:1812

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/644-2-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download
memory/644-3-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/644-5-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/644-6-0x0000000000350000-0x0000000000362000-memory.dmp

Filesize
72KB

Download
memory/644-7-0x0000000004E70000-0x0000000004EC8000-memory.dmp

Filesize
352KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads