Overview

overview

7

Static

static

3

SWIFT COPY.exe

windows7-x64

7

SWIFT COPY.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    194s
  • max time network
    201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 06:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SWIFT COPY.exe

  • Size

    698KB

  • MD5

    3c7ebe1e242ff26c729ace86a057f728

  • SHA1

    38e2b316bac97abe7a889de7e009791b478ac581

  • SHA256

    5452d5591e734d9e447e2daac94374327b1f81fd48c111b139f0bda6ffad2fc5

  • SHA512

    509711b7d3e69b7350dd7b2300654ac90e1098ccf6c2929adf3d7a8c162a93a03e76fd834d777facc6469e1c91d19e3f08c27d8427a69265f526795c6edb7b6a

  • SSDEEP

    12288:7cLAckjb4TZ/N01+tDZsMjJt5tTNR0FbeYQdGwb3y79tlw+GfB:MkH4TZqgtqMjnPTNR0F6pzo3nG

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3172
      • C:\Users\Admin\AppData\Local\Temp\SWIFT COPY.exe
        "C:\Users\Admin\AppData\Local\Temp\SWIFT COPY.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1448
        • C:\Users\Admin\AppData\Local\Temp\SWIFT COPY.exe
          "C:\Users\Admin\AppData\Local\Temp\SWIFT COPY.exe"
          3⤵
            PID:836
          • C:\Users\Admin\AppData\Local\Temp\SWIFT COPY.exe
            "C:\Users\Admin\AppData\Local\Temp\SWIFT COPY.exe"
            3⤵
            • Checks computer location settings
            • Suspicious use of SetThreadContext
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            • Suspicious use of AdjustPrivilegeToken
            PID:3696

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1448-10-0x0000000006640000-0x000000000664C000-memory.dmp

              Filesize

              48KB

              Download

            • memory/1448-1-0x0000000074D40000-0x00000000754F0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1448-2-0x0000000005830000-0x0000000005DD4000-memory.dmp

              Filesize

              5.6MB

              Download

            • memory/1448-3-0x0000000005320000-0x00000000053B2000-memory.dmp

              Filesize

              584KB

              Download

            • memory/1448-4-0x0000000005490000-0x00000000054A0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1448-5-0x0000000074D40000-0x00000000754F0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1448-6-0x0000000005490000-0x00000000054A0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1448-7-0x00000000053E0000-0x00000000053EA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/1448-9-0x0000000006630000-0x000000000663A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/1448-8-0x0000000006F40000-0x0000000006F56000-memory.dmp

              Filesize

              88KB

              Download

            • memory/1448-12-0x0000000009770000-0x000000000980C000-memory.dmp

              Filesize

              624KB

              Download

            • memory/1448-11-0x00000000070D0000-0x000000000714A000-memory.dmp

              Filesize

              488KB

              Download

            • memory/1448-0-0x00000000009C0000-0x0000000000A74000-memory.dmp

              Filesize

              720KB

              Download

            • memory/1448-15-0x0000000074D40000-0x00000000754F0000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/3696-13-0x0000000000400000-0x000000000043A000-memory.dmp

              Filesize

              232KB

              Download

            • memory/3696-16-0x0000000000400000-0x000000000043A000-memory.dmp

              Filesize

              232KB

              Download

            • memory/3696-17-0x00000000011F0000-0x000000000153A000-memory.dmp

              Filesize

              3.3MB

              Download

            • memory/3696-18-0x0000000000400000-0x000000000043A000-memory.dmp

              Filesize

              232KB

              Download

            • memory/3696-19-0x0000000000400000-0x000000000043A000-memory.dmp

              Filesize

              232KB

              Download

            • memory/3696-20-0x0000000005190000-0x00000000051B5000-memory.dmp

              Filesize

              148KB

              Download