a68672b1ebb95bb719b551cbc3b72c53d5e256004c519039dc02649ff166b4da

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-08-2022 13:05

Target

SWIFT IMG_2022082__000021001.pdf.exe
Size

22KB
MD5

20a84bfdd16cd3e1b6849ea1ea9c4d0a
SHA1

66082f545e8c54c3574aa21c09cc2cafeddc6c59
SHA256

a68672b1ebb95bb719b551cbc3b72c53d5e256004c519039dc02649ff166b4da
SHA512

120d7792ccf28a54b59e62e7e592facd4c7b5247978b6224694aa9be53a36bfb9b258feee87148f750b44d8359b699acb6176f5e8bce9d302a7c1d17bb84e5c8
SSDEEP

192:2f+zZKZFq3WFjLpeBYY8zyfCCZtdT4NYHefn3Z2FT9TDvtAE230ZckEDt3ECJ:TzUZVFYBt8z3C2+Hef4ddBZA0Zva0C

Score

6^/10

discovery

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1316	SWIFT IMG_2022082__000021001.pdf.exe

C:\Users\Admin\AppData\Local\Temp\SWIFT IMG_2022082__000021001.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\SWIFT IMG_2022082__000021001.pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1316

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1316-54-0x00000000002C0000-0x00000000002CC000-memory.dmp

Filesize
48KB

Download
memory/1316-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download