66c03fe9aa990496db6a1f1d0f332d3252115e03622f37f09c6ce8c0ddbd1a5e

Analysis

Target

ORDER WORKBOOK.exe
Size

1.3MB
MD5

38c3c643e80618c83b80b990ae16abe2
SHA1

ee93f02563f008c2715c26b4f8478410e09babcd
SHA256

ff2f7cc30d0eca889fbe37a6ea28172ac1dc0b2ea3563a622cc7de25a96e07f6
SHA512

26328038bbbb4523fd0dbfa8338a1bb09833a5c70de4240aa29944f4d103d358afe673246b924bb69a1f4134b0e945cf03b40685970e863a7f29d5ed02c24111

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

ORDER WORKBOOK.exe

pid process

2012 ORDER WORKBOOK.exe
2012 ORDER WORKBOOK.exe
2012 ORDER WORKBOOK.exe
2012 ORDER WORKBOOK.exe
2012 ORDER WORKBOOK.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ORDER WORKBOOK.exe

description pid process

Token: SeDebugPrivilege 2012 ORDER WORKBOOK.exe

description	pid	process
Token: SeDebugPrivilege	2012	ORDER WORKBOOK.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

ORDER WORKBOOK.exe

description	pid	process	target process
PID 2012 wrote to memory of 1764	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1764	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1764	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1764	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1792	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1792	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1792	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1792	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1804	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1804	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1804	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1804	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1720	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1720	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1720	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1720	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1708	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1708	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1708	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe
PID 2012 wrote to memory of 1708	2012	ORDER WORKBOOK.exe	ORDER WORKBOOK.exe

memory/2012-60-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2012-61-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download
memory/2012-62-0x00000000020D1000-0x00000000020D2000-memory.dmp

Filesize
4KB

Download