3f359e1a20563017c2f66a4e01136fbd73a9293ca1ce3df2dd880a94b9eee23e

Analysis

Target

swift.exe
Size

531KB
MD5

a3aa510eb6f74e8dfc7a8c3bcd0fedf6
SHA1

286e81ec896f6746a1ca48e59dc6735c25249a37
SHA256

3f359e1a20563017c2f66a4e01136fbd73a9293ca1ce3df2dd880a94b9eee23e
SHA512

28c5048dda26762d5859488ef46cc222de632174e35d62e07b05ede307ec35309fd5636b53ba454e26386fb7033a8ae60f3cfe920b075cc1373589b14dfee2aa

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

swift.exe

pid process

1996 swift.exe
1996 swift.exe
1996 swift.exe
1996 swift.exe
1996 swift.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

swift.exe

description pid process

Token: SeDebugPrivilege 1996 swift.exe

description	pid	process
Token: SeDebugPrivilege	1996	swift.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

swift.exe

description	pid	process	target process
PID 1996 wrote to memory of 420	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 420	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 420	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 420	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 740	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 740	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 740	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 740	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 296	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 296	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 296	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 296	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 592	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 592	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 592	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 592	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 572	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 572	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 572	1996	swift.exe	swift.exe
PID 1996 wrote to memory of 572	1996	swift.exe	swift.exe

C:\Users\Admin\AppData\Local\Temp\swift.exe
"C:\Users\Admin\AppData\Local\Temp\swift.exe"
2⤵
PID:420

C:\Users\Admin\AppData\Local\Temp\swift.exe
"C:\Users\Admin\AppData\Local\Temp\swift.exe"
2⤵
PID:740

C:\Users\Admin\AppData\Local\Temp\swift.exe
"C:\Users\Admin\AppData\Local\Temp\swift.exe"
2⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\swift.exe
"C:\Users\Admin\AppData\Local\Temp\swift.exe"
2⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\swift.exe
"C:\Users\Admin\AppData\Local\Temp\swift.exe"
2⤵
PID:572

memory/1996-59-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1996-61-0x0000000000520000-0x000000000052D000-memory.dmp

Filesize
52KB

Download
memory/1996-62-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/1996-63-0x000000007EF40000-0x000000007EF41000-memory.dmp

Filesize
4KB

Download
memory/1996-64-0x00000000049E0000-0x0000000004A58000-memory.dmp

Filesize
480KB

Download
memory/1996-65-0x0000000004360000-0x0000000004391000-memory.dmp

Filesize
196KB

Download