84b36ef694c33f931d55f3e8bc3b8611799a478216a4e708d2280e8c8bc07d08

Analysis

Target

Worksheet.exe
Size

697KB
MD5

37d42708174cd82c0c7b07df3862e368
SHA1

d744d9b00b457ebcf243d9507c9286d12d0febdc
SHA256

84b36ef694c33f931d55f3e8bc3b8611799a478216a4e708d2280e8c8bc07d08
SHA512

c0d0f60ecc46c61ef043e16bad0359fb3aa117a63610c7d83bf82568e0c70950d67a1ea0e7eb9da2392c47ee4f15aba33b92a29bc21f2e0685fbe1b2d967e5ae

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

Worksheet.exe

description pid process target process

PID 788 set thread context of 432 788 Worksheet.exe Worksheet.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Worksheet.exe

pid process

788 Worksheet.exe
788 Worksheet.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Worksheet.exeWorksheet.exe

description pid process

Token: SeDebugPrivilege 788 Worksheet.exe
Token: SeDebugPrivilege 432 Worksheet.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Worksheet.exe

pid process

432 Worksheet.exe

description	pid	process	target process
PID 788 set thread context of 432	788	Worksheet.exe	Worksheet.exe

pid	process
788	Worksheet.exe
788	Worksheet.exe

description	pid	process
Token: SeDebugPrivilege	788	Worksheet.exe
Token: SeDebugPrivilege	432	Worksheet.exe

pid	process
432	Worksheet.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

Worksheet.exe

description	pid	process	target process
PID 788 wrote to memory of 1720	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 1720	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 1720	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 1720	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe
PID 788 wrote to memory of 432	788	Worksheet.exe	Worksheet.exe

memory/432-66-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/432-67-0x00000000004100BE-mapping.dmp

Download
memory/432-68-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/432-70-0x00000000045A0000-0x00000000045A1000-memory.dmp

Filesize
4KB

Download
memory/788-60-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/788-62-0x0000000004E30000-0x0000000004E31000-memory.dmp

Filesize
4KB

Download
memory/788-63-0x00000000004D0000-0x00000000004DE000-memory.dmp

Filesize
56KB

Download
memory/788-64-0x0000000005680000-0x0000000005734000-memory.dmp

Filesize
720KB

Download
memory/788-65-0x00000000054D0000-0x0000000005536000-memory.dmp

Filesize
408KB

Download