92aaded03ae797099fdc30885e152dbc90c0159a0ec493743aa50a67fdc27097

General

Target

COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
Size

753KB
MD5

396d3bf7bf022ef37489dba74bf09b35
SHA1

13cd1d0c6b8615e4982689142960b51188d1f675
SHA256

c4ac65ea4af1e9c789530885c0d2bb838b218553a1fb6e2a6c3a40258f3aafb0
SHA512

e62dc758ea6230ecff46aff954594ed4638934a0038651c78b0df1d66f298d9547c828c38bf25dcd21769d091c2a62101bf995d26d8d947cdbf41bf54fd0ea9a
SSDEEP

12288:sA5sB0O6JhZ8FzZ1Ih0tomBGI+Y/7gPOPZ9+4JJP1D/NdasS31XB8U32WP+NoLP6:sA5EuD8FzIh0tBBL+Yz/3rdjS1Bj32Rv

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 1312	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	28
PID 836 wrote to memory of 1312	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	28
PID 836 wrote to memory of 1312	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	28
PID 836 wrote to memory of 1312	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	28
PID 836 wrote to memory of 968	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	29
PID 836 wrote to memory of 968	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	29
PID 836 wrote to memory of 968	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	29
PID 836 wrote to memory of 968	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	29
PID 836 wrote to memory of 568	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	30
PID 836 wrote to memory of 568	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	30
PID 836 wrote to memory of 568	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	30
PID 836 wrote to memory of 568	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	30
PID 836 wrote to memory of 1472	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	31
PID 836 wrote to memory of 1472	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	31
PID 836 wrote to memory of 1472	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	31
PID 836 wrote to memory of 1472	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	31
PID 836 wrote to memory of 1144	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	32
PID 836 wrote to memory of 1144	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	32
PID 836 wrote to memory of 1144	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	32
PID 836 wrote to memory of 1144	836	COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe	32

C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
"C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:836
- C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
  "C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe"
  2⤵
  PID:1312
- C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
  "C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe"
  2⤵
  PID:968
- C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
  "C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe"
  2⤵
  PID:568
- C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
  "C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe"
  2⤵
  PID:1472
- C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe
  "C:\Users\Admin\AppData\Local\Temp\COMPANY CATALOG PROFILE- Qingdao Wisdom International Supply Chain Management Co Ltd.exe"
  2⤵
  PID:1144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/836-54-0x0000000000360000-0x0000000000422000-memory.dmp

Filesize
776KB

Download
memory/836-55-0x0000000004A20000-0x0000000004A60000-memory.dmp

Filesize
256KB

Download
memory/836-56-0x00000000004E0000-0x0000000000500000-memory.dmp

Filesize
128KB

Download
memory/836-57-0x0000000004A20000-0x0000000004A60000-memory.dmp

Filesize
256KB

Download
memory/836-58-0x0000000000510000-0x000000000051C000-memory.dmp

Filesize
48KB

Download
memory/836-59-0x00000000056E0000-0x0000000005782000-memory.dmp

Filesize
648KB

Download
memory/836-60-0x00000000042C0000-0x00000000042E8000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads