Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
03-12-2021 12:27
General
-
Target
SWIFT MESSAGE.exe
-
Size
506KB
-
MD5
94fe630521bac270adea7c1294f4ae7f
-
SHA1
d293a7fc184463352bebabdee5bc38bad3d4d17b
-
SHA256
3a8466544aac37ad923d7d14581f14647657a62f66cf1d7e05ed845f24e03111
-
SHA512
afd2add56b9af9eef92a7b65d29f0698b41f90c7cd83657189bd186a15011dac4956ec8f91159073ea4749261642df7fb6abba8cfbb7ef0c65bf960b6ad5bca4
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SWIFT MESSAGE.exe"C:\Users\Admin\AppData\Local\Temp\SWIFT MESSAGE.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 7042⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/812-61-0x0000000000000000-mapping.dmp
-
memory/812-62-0x0000000000580000-0x0000000000581000-memory.dmpFilesize
4KB
-
memory/1364-55-0x0000000000200000-0x0000000000201000-memory.dmpFilesize
4KB
-
memory/1364-57-0x0000000076231000-0x0000000076233000-memory.dmpFilesize
8KB
-
memory/1364-58-0x0000000004960000-0x0000000004961000-memory.dmpFilesize
4KB
-
memory/1364-59-0x00000000005B0000-0x00000000005B8000-memory.dmpFilesize
32KB
-
memory/1364-60-0x00000000051B0000-0x000000000521A000-memory.dmpFilesize
424KB