2a0d6ebfcca611f4249d12ea9fbf3b8bf44729d9db9ecfd0f43c72946febca24

Analysis

max time kernel
111s
max time network
45s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
01-08-2022 08:06

Target

Swift Copy.exe
Size

971KB
MD5

480994b2aba1ea6c8c72aeda3db6c64a
SHA1

29b9246b2d927fddd0d0fff372e564dde7292409
SHA256

2a0d6ebfcca611f4249d12ea9fbf3b8bf44729d9db9ecfd0f43c72946febca24
SHA512

736678e599d60c5375681b27e65aecae99e7350c81ffeb8d9d7073be17ccb7fee800e3779f3f8c43e46cbb8d3a3713df2700af235970f5610ce882543fd9a9e6

Score

1^/10

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

Swift Copy.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Swift Copy.exe

description pid process

Token: SeDebugPrivilege 1984 Swift Copy.exe

description	pid	process
Token: SeDebugPrivilege	1984	Swift Copy.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Swift Copy.exe

description	pid	process	target process
PID 1984 wrote to memory of 1328	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1328	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1328	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1328	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1196	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1196	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1196	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1196	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1536	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1536	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1536	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1536	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1532	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1532	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1532	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1532	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1740	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1740	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1740	1984	Swift Copy.exe	Swift Copy.exe
PID 1984 wrote to memory of 1740	1984	Swift Copy.exe	Swift Copy.exe

C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe
"C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe
  "C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe"
  2⤵
  PID:1328
- C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe
  "C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe"
  2⤵
  PID:1196
- C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe
  "C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe"
  2⤵
  PID:1536
- C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe
  "C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe"
  2⤵
  PID:1532
- C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe
  "C:\Users\Admin\AppData\Local\Temp\Swift Copy.exe"
  2⤵
  PID:1740

memory/1984-54-0x0000000000350000-0x0000000000448000-memory.dmp

Filesize
992KB

Download
memory/1984-55-0x0000000075BF1000-0x0000000075BF3000-memory.dmp

Filesize
8KB

Download
memory/1984-56-0x0000000000580000-0x0000000000596000-memory.dmp

Filesize
88KB

Download
memory/1984-57-0x00000000005C0000-0x00000000005CA000-memory.dmp

Filesize
40KB

Download
memory/1984-58-0x0000000005F30000-0x0000000005FBE000-memory.dmp

Filesize
568KB

Download
memory/1984-59-0x0000000002330000-0x0000000002372000-memory.dmp

Filesize
264KB

Download