Analysis
max time kernel: 181s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 21-05-2022 12:44
Static task: static1
Behavioral task: behavioral1
Sample: SwiftLCCM.scan.pdf..exe
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: SwiftLCCM.scan.pdf..exe
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds
General
Target: SwiftLCCM.scan.pdf..exe
Size: 378KB
MD5: a3eec98af0fabb24461e543dc05e4ac9
SHA1: ada78ad3c6dfc5ee6490c615094283f7ed4811f6
SHA256: 56b7da0dee74f57d90b0f1f5e1871c153d399521f9361a96dc3d298ae9f0d462
SHA512: 96cf4d0e789dce546a24081413a198c1ba51a753ce6b9ca85d1f8455b6112da2c1d5f96c47c8a2d14571ab96150375e277a7c32cedff99205dd35e8187856fd2
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses, 8 IoCs
Processes:
pid 4656, process SwiftLCCM.scan.pdf..exe (8 entries)
Suspicious use of AdjustPrivilegeToken, 1 IoCs
Processes:
description Token: SeDebugPrivilege, pid 4656, process SwiftLCCM.scan.pdf..exe
Downloads
memory/4656-130-0x0000000000CA0000-0x0000000000D04000-memory.dmp (Filesize: 400KB)
memory/4656-131-0x0000000005C90000-0x0000000006234000-memory.dmp (Filesize: 5.6MB)
memory/4656-132-0x00000000056E0000-0x0000000005772000-memory.dmp (Filesize: 584KB)
memory/4656-133-0x00000000056B0000-0x00000000056BA000-memory.dmp (Filesize: 40KB)
memory/4656-134-0x00000000059E0000-0x0000000005A7C000-memory.dmp (Filesize: 624KB)
memory/4656-135-0x0000000006540000-0x00000000065A6000-memory.dmp (Filesize: 408KB)