c7a495508b1d56372df84c2cad44b99b65db360c0c31d409fe14d91eacf9072a

General

Target

transferir copia_03_05.exe
Size

823KB
MD5

4f1a54809ac8e534239bade40b46bfab
SHA1

cc4ae9e1888fa1071fcccc56f8e46253bd00b99a
SHA256

3488d309b21afbc3b481320bcf1209908813e2eb8a63df772f740426034b9958
SHA512

d13542d590ec6482f6c0bbbbf6d504f39c64fd28f8e32ebb239a33193c0afe4cd4e938ca6a966e115aeaa92e21b0581d32cf8a736e764d66b237d573e303a705

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

transferir copia_03_05.exe

description pid process target process

PID 2220 set thread context of 1988 2220 transferir copia_03_05.exe transferir copia_03_05.exe

description	pid	process	target process
PID 2220 set thread context of 1988	2220	transferir copia_03_05.exe	transferir copia_03_05.exe

Drops file in Windows directory 6 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\SoftwareDistribution\ReportingEvents.log	svchost.exe
File opened for modification	C:\Windows\WindowsUpdate.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.edb	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm	svchost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

svchost.exe

description	pid	process
Token: SeShutdownPrivilege	3156	svchost.exe
Token: SeCreatePagefilePrivilege	3156	svchost.exe
Token: SeShutdownPrivilege	3156	svchost.exe
Token: SeCreatePagefilePrivilege	3156	svchost.exe
Token: SeShutdownPrivilege	3156	svchost.exe
Token: SeCreatePagefilePrivilege	3156	svchost.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

transferir copia_03_05.exe

description	pid	process	target process
PID 2220 wrote to memory of 1988	2220	transferir copia_03_05.exe	transferir copia_03_05.exe
PID 2220 wrote to memory of 1988	2220	transferir copia_03_05.exe	transferir copia_03_05.exe
PID 2220 wrote to memory of 1988	2220	transferir copia_03_05.exe	transferir copia_03_05.exe
PID 2220 wrote to memory of 1988	2220	transferir copia_03_05.exe	transferir copia_03_05.exe
PID 2220 wrote to memory of 1988	2220	transferir copia_03_05.exe	transferir copia_03_05.exe
PID 2220 wrote to memory of 1988	2220	transferir copia_03_05.exe	transferir copia_03_05.exe

C:\Users\Admin\AppData\Local\Temp\transferir copia_03_05.exe
"C:\Users\Admin\AppData\Local\Temp\transferir copia_03_05.exe"
2⤵
PID:1988

memory/1988-145-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2220-130-0x0000000000630000-0x0000000000704000-memory.dmp

Filesize
848KB

Download
memory/2220-131-0x0000000005040000-0x00000000050DC000-memory.dmp

Filesize
624KB

Download
memory/2220-132-0x0000000005700000-0x0000000005CA4000-memory.dmp

Filesize
5.6MB

Download
memory/2220-133-0x00000000051F0000-0x0000000005282000-memory.dmp

Filesize
584KB

Download
memory/2220-134-0x0000000005130000-0x000000000513A000-memory.dmp

Filesize
40KB

Download
memory/2220-135-0x0000000005380000-0x00000000053D6000-memory.dmp

Filesize
344KB

Download
memory/2220-136-0x0000000005150000-0x00000000056F4000-memory.dmp

Filesize
5.6MB

Download
memory/3156-137-0x0000022B7C580000-0x0000022B7C590000-memory.dmp

Filesize
64KB

Download
memory/3156-144-0x0000022B7F960000-0x0000022B7F964000-memory.dmp

Filesize
16KB

Download