70e6066712386cd030bb8a6b9ef4f6972d4da1035f547cbdbf93a71a79e2a951

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-09-2022 22:23

Target

payment copy.exe
Size

890KB
MD5

f2930c042eb6ec47af52acde3f5a3b52
SHA1

7fe71449b27a4284adaf63f473b8152cfc7bbc99
SHA256

70e6066712386cd030bb8a6b9ef4f6972d4da1035f547cbdbf93a71a79e2a951
SHA512

3a212c5a340e440953857be8bc4f5f6382624cfa5c1dced942ba9bb11206eaa0cef204336ce03dd0002b4566f37bb559c9dab6f23f1934c967a2c173290a06cf
SSDEEP

12288:vuZL7Y/mYagzSg+nesdJwNlp1tRUwtx+/lKn5JQH:vuZfimifNlPtyjlIy

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

payment copy.exe

pid process

2024 payment copy.exe
2024 payment copy.exe
2024 payment copy.exe
2024 payment copy.exe
2024 payment copy.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

payment copy.exe

description pid process

Token: SeDebugPrivilege 2024 payment copy.exe

description	pid	process
Token: SeDebugPrivilege	2024	payment copy.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

payment copy.exe

description	pid	process	target process
PID 2024 wrote to memory of 1224	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 1224	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 1224	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 1224	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 1880	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 1880	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 1880	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 1880	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 520	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 520	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 520	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 520	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 764	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 764	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 764	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 764	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 456	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 456	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 456	2024	payment copy.exe	payment copy.exe
PID 2024 wrote to memory of 456	2024	payment copy.exe	payment copy.exe

C:\Users\Admin\AppData\Local\Temp\payment copy.exe
"C:\Users\Admin\AppData\Local\Temp\payment copy.exe"
2⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\payment copy.exe
"C:\Users\Admin\AppData\Local\Temp\payment copy.exe"
2⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\payment copy.exe
"C:\Users\Admin\AppData\Local\Temp\payment copy.exe"
2⤵
PID:520

C:\Users\Admin\AppData\Local\Temp\payment copy.exe
"C:\Users\Admin\AppData\Local\Temp\payment copy.exe"
2⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\payment copy.exe
"C:\Users\Admin\AppData\Local\Temp\payment copy.exe"
2⤵
PID:456

memory/2024-54-0x0000000000360000-0x0000000000444000-memory.dmp

Filesize
912KB

Download
memory/2024-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download
memory/2024-56-0x0000000000340000-0x0000000000354000-memory.dmp

Filesize
80KB

Download
memory/2024-57-0x0000000000350000-0x000000000035C000-memory.dmp

Filesize
48KB

Download
memory/2024-58-0x0000000007EA0000-0x0000000007F20000-memory.dmp

Filesize
512KB

Download
memory/2024-59-0x0000000007DF0000-0x0000000007E16000-memory.dmp

Filesize
152KB

Download