a66b9f39d269afb6b968c776837fa152fee65ccda289f59b1144343957aee06b

Analysis

Target

New Order.exe
Size

427KB
MD5

9fa90422f13ff85f849c28367ad97e11
SHA1

7c920bb3c70c1f133d7b7a12df8f4ce6f1a262fa
SHA256

23f570b95cb1580bf303918349c89d37bfefa19c76dc269b8af9be2438693da4
SHA512

5aa6e87e75eeb356135b907a913e63289cf4465b7134c89f40b8d8046b5c99323781e754bda8eed0097f3f8788d01ca695af90620779f1f9034a870cfca412d9

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

New Order.exe

pid process

1676 New Order.exe
1676 New Order.exe
1676 New Order.exe
1676 New Order.exe
1676 New Order.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

New Order.exe

description pid process

Token: SeDebugPrivilege 1676 New Order.exe

description	pid	process
Token: SeDebugPrivilege	1676	New Order.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

New Order.exe

description	pid	process	target process
PID 1676 wrote to memory of 912	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 912	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 912	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 912	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 916	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 916	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 916	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 916	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1716	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1716	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1716	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1716	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1412	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1412	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1412	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1412	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1152	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1152	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1152	1676	New Order.exe	New Order.exe
PID 1676 wrote to memory of 1152	1676	New Order.exe	New Order.exe

memory/1676-54-0x0000000076451000-0x0000000076453000-memory.dmp

Filesize
8KB

Download
memory/1676-55-0x0000000074910000-0x0000000074EBB000-memory.dmp

Filesize
5.7MB

Download