ca1e8896fedd1f7e22799e7c5ccf9f1a7898e4602890efc47285cf0cfead7b46

Analysis

Target

Payment.exe
Size

616KB
MD5

933cedbe56bd04acdbbb183a0004162b
SHA1

9a255a7eaa2dd334dcde3f9c8f73e8c25e3a8a65
SHA256

a57534ac7570e5be7e25f1c0d9745dc549d56b193ed7b1547e61ae79485edc1c
SHA512

42cce5f2e1d9a96bddd3312c7433a2620a3aef84c612501728f77fca159620ff4c69885933e7a2a15c72d7e8a44a0d2e76d41bb2ba6ccb7ec9be04d10cd72545

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Payment.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Payment.exe

description pid process

Token: SeDebugPrivilege 1640 Payment.exe

description	pid	process
Token: SeDebugPrivilege	1640	Payment.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Payment.exe

description	pid	process	target process
PID 1640 wrote to memory of 320	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 320	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 320	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 320	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 1432	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 1432	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 1432	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 1432	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 528	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 528	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 528	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 528	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 956	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 956	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 956	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 956	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 2024	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 2024	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 2024	1640	Payment.exe	Payment.exe
PID 1640 wrote to memory of 2024	1640	Payment.exe	Payment.exe

C:\Users\Admin\AppData\Local\Temp\Payment.exe
"C:\Users\Admin\AppData\Local\Temp\Payment.exe"
2⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Payment.exe
"C:\Users\Admin\AppData\Local\Temp\Payment.exe"
2⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Payment.exe
"C:\Users\Admin\AppData\Local\Temp\Payment.exe"
2⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\Payment.exe
"C:\Users\Admin\AppData\Local\Temp\Payment.exe"
2⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Payment.exe
"C:\Users\Admin\AppData\Local\Temp\Payment.exe"
2⤵
PID:2024

memory/1640-52-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1640-54-0x0000000004D20000-0x0000000004D21000-memory.dmp

Filesize
4KB

Download
memory/1640-55-0x0000000000510000-0x0000000000517000-memory.dmp

Filesize
28KB

Download
memory/1640-56-0x0000000007DA0000-0x0000000007E08000-memory.dmp

Filesize
416KB

Download
memory/1640-57-0x0000000004600000-0x0000000004633000-memory.dmp

Filesize
204KB

Download