cabcc377f00b0aa676d3139e7f14fa7881c5f25875d5218e25645db7e129992c

General

Target

Standard Chartered Bank.exe
Size

498KB
MD5

810e9eebba5cce5bf0d44cbb5e3b5a19
SHA1

bf031ef4b6b87f9e0cb2c540745614fb914475d4
SHA256

cabcc377f00b0aa676d3139e7f14fa7881c5f25875d5218e25645db7e129992c
SHA512

c6b33f8be189ff612388fd48f0e6bbeafbf7ec57b65133afbffe1484306288ed8dfe568bfe8d8e65b7bea9d819068f52d8dc073e1e9b45c145a338c06a02e9f1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes:

Standard Chartered Bank.exe

pid	process
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe
368	Standard Chartered Bank.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Standard Chartered Bank.exe

description pid process

Token: SeDebugPrivilege 368 Standard Chartered Bank.exe

description	pid	process
Token: SeDebugPrivilege	368	Standard Chartered Bank.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

Standard Chartered Bank.exe

description	pid	process	target process
PID 368 wrote to memory of 1476	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1476	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1476	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1476	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1472	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1472	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1472	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1472	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 820	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 820	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 820	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 820	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1384	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1384	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1384	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1384	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 604	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 604	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 604	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 604	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1352	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1352	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1352	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1352	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1532	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1532	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1532	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1532	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1632	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1632	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1632	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 1632	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 520	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 520	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 520	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 520	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 332	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 332	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 332	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 368 wrote to memory of 332	368	Standard Chartered Bank.exe	Standard Chartered Bank.exe

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:368

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:520

C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe
"C:\Users\Admin\AppData\Local\Temp\Standard Chartered Bank.exe"
2⤵
PID:332

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/368-60-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/368-62-0x00000000005E0000-0x000000000060F000-memory.dmp

Filesize
188KB

Download
memory/368-63-0x0000000004160000-0x0000000004161000-memory.dmp

Filesize
4KB

Download
memory/368-64-0x0000000000680000-0x00000000006B3000-memory.dmp

Filesize
204KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads