970406f2773fbbfc31cf831fb6c5de0b4fbc206e5f5fa9c93ad06e1209bda266

General

Target

PO#W056931PDF.exe
Size

1.8MB
MD5

1fe364ea6a61d9030191db48309cd0c1
SHA1

b16caf8eb59c391670ff34e9d7ad0502c9c27012
SHA256

970406f2773fbbfc31cf831fb6c5de0b4fbc206e5f5fa9c93ad06e1209bda266
SHA512

306278cdf03441afb2aa57792c96d1802906799d086d644feab0843ec0eef216df06ae02ac59663258423408f8686d6d7076ca41764bff8296fcdf8ab0f7050b

Score

1^/10

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

PO#W056931PDF.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PO#W056931PDF.exe

description pid process

Token: SeDebugPrivilege 324 PO#W056931PDF.exe

description	pid	process
Token: SeDebugPrivilege	324	PO#W056931PDF.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

PO#W056931PDF.exe

description	pid	process	target process
PID 324 wrote to memory of 1204	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1204	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1204	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1204	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1988	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1988	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1988	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1988	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2004	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2004	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2004	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2004	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2008	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2008	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2008	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 2008	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1764	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1764	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1764	324	PO#W056931PDF.exe	PO#W056931PDF.exe
PID 324 wrote to memory of 1764	324	PO#W056931PDF.exe	PO#W056931PDF.exe

C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe
"C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe"
2⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe
"C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe"
2⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe
"C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe"
2⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe
"C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe"
2⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe
"C:\Users\Admin\AppData\Local\Temp\PO#W056931PDF.exe"
2⤵
PID:1764

memory/324-54-0x0000000000150000-0x0000000000320000-memory.dmp

Filesize
1.8MB

Download
memory/324-55-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/324-56-0x0000000001F10000-0x0000000001F26000-memory.dmp

Filesize
88KB

Download
memory/324-57-0x00000000040E0000-0x00000000040EA000-memory.dmp

Filesize
40KB

Download
memory/324-58-0x0000000005B00000-0x0000000005CB0000-memory.dmp

Filesize
1.7MB

Download
memory/324-59-0x00000000085A0000-0x0000000008718000-memory.dmp

Filesize
1.5MB

Download