bf335484cc9fdfc68bda67acbe6eab1f65f0f7dd7043b3aff47b47201ca531c5

General

Target

PAYMENT COPY.exe
Size

1.1MB
MD5

dd9dd4dc96b829fb76c94d93549077a3
SHA1

ab1b5e44e32b93b10f1697ef407e4e846da30226
SHA256

bf335484cc9fdfc68bda67acbe6eab1f65f0f7dd7043b3aff47b47201ca531c5
SHA512

e93f9a7258f1645df87976c73aae2b0ece10f9093ce6e28eb6df6e9bc7604df2df1b2d8902604b5c53c4e9684c1da988798ca5da4afb05dddd5c063cb64b5529

Score

1^/10

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

PAYMENT COPY.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PAYMENT COPY.exe

description pid process

Token: SeDebugPrivilege 1936 PAYMENT COPY.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

PAYMENT COPY.exe

pid process

1936 PAYMENT COPY.exe
1936 PAYMENT COPY.exe

description	pid	process
Token: SeDebugPrivilege	1936	PAYMENT COPY.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

PAYMENT COPY.exe

description	pid	process	target process
PID 1936 wrote to memory of 1768	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1768	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1768	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1768	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1268	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1268	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1268	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1268	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1304	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1304	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1304	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1304	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1344	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1344	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1344	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1344	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1380	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1380	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1380	1936	PAYMENT COPY.exe	PAYMENT COPY.exe
PID 1936 wrote to memory of 1380	1936	PAYMENT COPY.exe	PAYMENT COPY.exe

memory/1936-60-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1936-62-0x0000000000340000-0x0000000000392000-memory.dmp

Filesize
328KB

Download
memory/1936-63-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1936-66-0x00000000022A7000-0x00000000022B8000-memory.dmp

Filesize
68KB

Download
memory/1936-65-0x00000000022A2000-0x00000000022A3000-memory.dmp

Filesize
4KB

Download
memory/1936-64-0x00000000022A1000-0x00000000022A2000-memory.dmp

Filesize
4KB

Download
memory/1936-67-0x00000000006A0000-0x00000000006AE000-memory.dmp

Filesize
56KB

Download
memory/1936-68-0x000000007EF40000-0x000000007EF41000-memory.dmp

Filesize
4KB

Download
memory/1936-69-0x00000000064B0000-0x0000000006529000-memory.dmp

Filesize
484KB

Download
memory/1936-70-0x0000000002140000-0x000000000216B000-memory.dmp

Filesize
172KB

Download