Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    02-12-2021 09:21

General

  • Target

    SWIFT_ADVICE.exe

  • Size

    672KB

  • MD5

    5dcc94e34045484495dcc1bc6f1c6921

  • SHA1

    a590f9f5ff0bcbbbc768d329ab3395bcf12f4e63

  • SHA256

    06ab16b86393e1eafa3f3b3c0c3a67804135b8cc9332d932a019ad98468191cb

  • SHA512

    ba75c9ddae7a16abed772eb22c59f23de86a7858a2000d8fccd894cfd8e2b10e4ac36f92793c383af356346b7ec79a0b05f1e700abc80afdd6182f253ae7d488

Score
3/10 (the sample itself crashed and only WerFault ran afterwards; the signatures are generic API-usage heuristics recorded before the crash, and no network activity or malware config was captured, so the low score reflects an incomplete run rather than confirmed benign behaviour; see the WerFault entry under Processes)

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SWIFT_ADVICE.exe
    "C:\Users\Admin\AppData\Local\Temp\SWIFT_ADVICE.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 704
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1416
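The process tree above shows WerFault.exe launched as a child of the sample with `-p 1360`, so the process that died is SWIFT_ADVICE.exe itself, and the SysWOW64 copy of WerFault is the one Windows uses for 32-bit processes on x64. The Python below is an added example, not part of the Triage report or its tooling: it parses WerFault command lines from a process list constructed from the tree above, resolves the `-p` PID to the crashed image, and checks that WerFault's parent is the process it reports on. The process records, field names and function names are assumptions for illustration; `-s` is treated as an opaque event handle.

```python
import re

# Constructed from the process tree in this report (not a live event log).
# ppid=None marks the tree root, i.e. the submitted sample.
PROCESSES = [
    {"pid": 1360, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\SWIFT_ADVICE.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\SWIFT_ADVICE.exe"'},
    {"pid": 1416, "ppid": 1360,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 704"},
]

WERFAULT_IMAGE = re.compile(r"(?i)\\werfault\.exe$")


def parse_werfault_args(cmdline):
    """Parse a WerFault.exe command line into its switches.

    -u  user-mode fault report
    -p  PID of the faulting process
    -s  event handle handed to WerFault (opaque here)
    Returns None when the command line is not WerFault.exe.
    Assumes WerFault's own arguments contain no spaces.
    """
    tokens = cmdline.split()
    if not tokens or not WERFAULT_IMAGE.search(tokens[0].strip('"')):
        return None
    args = {"user_mode": False, "pid": None, "event_handle": None,
            # SysWOW64\WerFault.exe is the copy used for 32-bit processes on x64
            "wow64": "\\syswow64\\" in tokens[0].lower()}
    i = 1
    while i < len(tokens):
        flag = tokens[i].lower()
        value = tokens[i + 1] if i + 1 < len(tokens) else None
        if flag == "-u":
            args["user_mode"] = True
            i += 1
        elif flag == "-p" and value is not None and value.isdigit():
            args["pid"] = int(value)
            i += 2
        elif flag == "-s" and value is not None and value.isdigit():
            args["event_handle"] = int(value)
            i += 2
        else:
            i += 1  # unknown or malformed switch: skip it
    return args


def crash_attribution(processes):
    """For every WerFault launch, report which process crashed and whether
    the tree is internally consistent."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for proc in processes:
        args = parse_werfault_args(proc["cmdline"])
        if args is None or args["pid"] is None:
            continue
        target = by_pid.get(args["pid"])
        findings.append({
            "werfault_pid": proc["pid"],
            "crashed_pid": args["pid"],
            "crashed_image": target["image"] if target else None,
            # A user-mode crash normally launches WerFault from the faulting
            # process, so WerFault's parent should be the PID named by -p;
            # anything else deserves a closer look.
            "parent_matches_target": proc["ppid"] == args["pid"],
            # True when the submitted sample (tree root) is the process that died.
            "sample_crashed": target is not None and target["ppid"] is None,
            "wow64": args["wow64"],
        })
    return findings


if __name__ == "__main__":
    for finding in crash_attribution(PROCESSES):
        print(finding)
```

On this tree the single finding attributes the crash to PID 1360 (SWIFT_ADVICE.exe), with WerFault's parent equal to its `-p` target and the WOW64 flag set, which is the picture to keep in mind when reading the 3/10 score.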

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1360-55-0x0000000000210000-0x0000000000211000-memory.dmp
    Filesize

    4KB

  • memory/1360-57-0x0000000074F61000-0x0000000074F63000-memory.dmp
    Filesize

    8KB

  • memory/1360-58-0x0000000004E20000-0x0000000004E21000-memory.dmp
    Filesize

    4KB

  • memory/1360-59-0x00000000004E0000-0x00000000004E8000-memory.dmp
    Filesize

    32KB

  • memory/1360-60-0x0000000005180000-0x0000000005214000-memory.dmp
    Filesize

    592KB

  • memory/1416-61-0x0000000000000000-mapping.dmp
  • memory/1416-62-0x0000000000910000-0x00000000009BE000-memory.dmp
    Filesize

    696KB
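The dump names follow the pattern memory/<pid>-<sequence>-<start>-<end>-memory.dmp, so the Filesize shown for each one should equal end minus start, and a mapping.dmp entry carries a single address and no size. The Python below is an added example, not Triage's own code: it parses the listing above (constructed inline from this page), recomputes each region size, checks page alignment, picks out the largest dumped region per PID, and confirms every address fits in 32 bits, which is consistent with the SysWOW64 WerFault in the process tree. The helper names are assumptions for illustration.

```python
import re

# Constructed from the Downloads list in this report: (dump name, Filesize as shown).
# The mapping.dmp entry has no Filesize on the page, hence None.
DUMP_LISTING = [
    ("memory/1360-55-0x0000000000210000-0x0000000000211000-memory.dmp", "4KB"),
    ("memory/1360-57-0x0000000074F61000-0x0000000074F63000-memory.dmp", "8KB"),
    ("memory/1360-58-0x0000000004E20000-0x0000000004E21000-memory.dmp", "4KB"),
    ("memory/1360-59-0x00000000004E0000-0x00000000004E8000-memory.dmp", "32KB"),
    ("memory/1360-60-0x0000000005180000-0x0000000005214000-memory.dmp", "592KB"),
    ("memory/1416-61-0x0000000000000000-mapping.dmp", None),
    ("memory/1416-62-0x0000000000910000-0x00000000009BE000-memory.dmp", "696KB"),
]

REGION_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
MAPPING_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-mapping\.dmp$")
PAGE = 0x1000


def parse_dump_name(name):
    """Split memory/<pid>-<seq>-<start>-<end>-memory.dmp into its fields.
    mapping.dmp entries carry one address and no size."""
    m = REGION_RE.match(name)
    if m:
        start, end = int(m[3], 16), int(m[4], 16)
        return {"name": name, "pid": int(m[1]), "seq": int(m[2]),
                "kind": "region", "start": start, "end": end, "size": end - start}
    m = MAPPING_RE.match(name)
    if m:
        return {"name": name, "pid": int(m[1]), "seq": int(m[2]),
                "kind": "mapping", "start": int(m[3], 16), "end": None, "size": None}
    raise ValueError(f"unrecognised dump name: {name}")


def parse_filesize(text):
    """'592KB' -> 606208. Assumes the report prints whole B/KB/MB values."""
    if text is None:
        return None
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    return int(m[1]) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m[2].upper()]


def check_listing(listing):
    """Recompute each region's size from its address range and compare it
    with the Filesize the report shows."""
    results = []
    for name, shown in listing:
        info = parse_dump_name(name)
        listed = parse_filesize(shown)
        info["listed_size"] = listed
        info["consistent"] = listed == info["size"]
        info["page_aligned"] = (info["kind"] == "region"
                                and info["start"] % PAGE == 0
                                and info["size"] % PAGE == 0)
        results.append(info)
    return results


def largest_region(results, pid):
    """Biggest dumped region of a PID: the first candidate to open when
    looking for an unpacked image."""
    regions = [r for r in results if r["pid"] == pid and r["kind"] == "region"]
    return max(regions, key=lambda r: r["size"]) if regions else None


def fits_32bit(results):
    """True when every dumped address lies below 4 GiB, as expected for a
    WOW64 process."""
    return all(r["start"] < 2 ** 32 and (r["end"] is None or r["end"] <= 2 ** 32)
               for r in results)


if __name__ == "__main__":
    for r in check_listing(DUMP_LISTING):
        flag = "ok" if r["consistent"] else "MISMATCH"
        print(f"{r['name']}: pid={r['pid']} size={r['size']} "
              f"listed={r['listed_size']} {flag}")
```

Every region in this listing recomputes to the Filesize shown (for example 0x5214000 - 0x5180000 = 0x94000 = 592KB) and all are page-aligned; a mismatch would point at a truncated download or a mislabelled dump rather than at the sample.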