9497d4398c54ed5ed9f3b954ae86cc6b32e9370a7b11261463ffee4036b34e12

Analysis

max time kernel
159s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2023 05:20

Target

Payment document.exe
Size

842KB
MD5

de0b643459f59b88b3ae511b986eb868
SHA1

476a1bb239548c0d1c16ba415c425cd8b56d6c45
SHA256

999c708503ca5289854b3347f0a9115d596676ba1f41b51b0bf9ff1f12ced04f
SHA512

8253bfecd8a046bc394524317e46596ff8fee6db82c55656bd6f21784de64e415205482191b6d98c31df3c227f9863f06d4066768441dcf59aa5d0c9f664413a
SSDEEP

12288:f+uEfG3nUHprmxYsWzK5yge/AXjwmp8PPwRtb0KgHh8ntZMR+Z3DP:f+uEfG3UJrLvuvtXjSobK8ntKAL

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4368	Payment document.exe
4368	Payment document.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	Payment document.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 4660	4368	Payment document.exe	84
PID 4368 wrote to memory of 4660	4368	Payment document.exe	84
PID 4368 wrote to memory of 4660	4368	Payment document.exe	84

C:\Users\Admin\AppData\Local\Temp\Payment document.exe
"C:\Users\Admin\AppData\Local\Temp\Payment document.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4368
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:4660

memory/4368-133-0x0000021F8AD70000-0x0000021F8AE42000-memory.dmp

Filesize
840KB

Download