f01fa521086018767cf288a719022222f579bf5a00fd2e85089cae82fad2d798

Analysis

Target

SwiftSDM.scan.pdf..exe
Size

745KB
MD5

b881533b7b297c09802c0b74adbd2936
SHA1

23e8bcb9a029df6f8ee460eec6ac600459d6eed3
SHA256

0ceca38c78e5862c0d87d4c0dfacfb25fef8310e502415721c35331f1315cc04
SHA512

caa530f0fff257b66b2ae107a8ffdd2df910a24c640559965491e2281a99949aae0761a537ee7bd349b4154f03f27d991435270b09cdb97df0d02e29e8ac4497

Score

6^/10

persistence

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chrome = "\"C:\\Users\\Admin\\chrome.exe\""	SwiftSDM.scan.pdf..exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3848	SwiftSDM.scan.pdf..exe

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3848-130-0x0000000000AC0000-0x0000000000B80000-memory.dmp

Filesize
768KB

Download
memory/3848-131-0x0000000005C00000-0x00000000061A4000-memory.dmp

Filesize
5.6MB

Download
memory/3848-132-0x0000000005520000-0x00000000055B2000-memory.dmp

Filesize
584KB

Download
memory/3848-133-0x00000000055C0000-0x00000000055CA000-memory.dmp

Filesize
40KB

Download
memory/3848-134-0x0000000005940000-0x00000000059DC000-memory.dmp

Filesize
624KB

Download
memory/3848-135-0x0000000006420000-0x0000000006486000-memory.dmp

Filesize
408KB

Download