Overview

overview

10

Static

static

3

SWFTMT1038...DF.exe

windows7-x64

10

SWFTMT1038...DF.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    152s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2023 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SWFTMT1038146735PDF.exe

  • Size

    696KB

  • MD5

    eae5575afd765d679ea1a05bb4baae43

  • SHA1

    7cdbf3550b3ecda84b1ece2beff680a2e5cc6e5b

  • SHA256

    5c0379a54fc0effe3a56e4d5fb623f8ac3e711da65434d7a22f9fa7e55758460

  • SHA512

    d45b4adad7fc31e74e0e187311276d2fdcd95988c5a57bb4a4fadf79a22f4ddba395af643d5612686112ccd17e33482ce7c9bff4835aeee7fdf75df027041a9c

  • SSDEEP

    12288:9ll5nF8bVdqrlb/9W0ri8DKYxT5buy8R0BNyQ+lvcjAsxyRr7wvh:7luqhb06DKYV5CTR0BgQ6XSyuJ

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe
      "C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe"
      2⤵
        PID:4396
      • C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe
        "C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe"
        2⤵
          PID:1864
        • C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe
          "C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe"
          2⤵
            PID:268
          • C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe
            "C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe"
            2⤵
              PID:4392
            • C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe
              "C:\Users\Admin\AppData\Local\Temp\SWFTMT1038146735PDF.exe"
              2⤵
                PID:5108

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/4760-0-0x0000000074CA0000-0x0000000075450000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/4760-1-0x0000000000BA0000-0x0000000000C52000-memory.dmp

              Filesize

              712KB

              Download

            • memory/4760-2-0x0000000005BC0000-0x0000000006164000-memory.dmp

              Filesize

              5.6MB

              Download

            • memory/4760-3-0x0000000005610000-0x00000000056A2000-memory.dmp

              Filesize

              584KB

              Download

            • memory/4760-4-0x0000000005770000-0x0000000005780000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4760-5-0x00000000056B0000-0x00000000056BA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/4760-6-0x00000000059F0000-0x0000000005A08000-memory.dmp

              Filesize

              96KB

              Download

            • memory/4760-7-0x0000000074CA0000-0x0000000075450000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/4760-9-0x0000000005A30000-0x0000000005A3A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/4760-8-0x0000000005A20000-0x0000000005A28000-memory.dmp

              Filesize

              32KB

              Download

            • memory/4760-10-0x0000000005770000-0x0000000005780000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4760-11-0x0000000006E70000-0x0000000006EEA000-memory.dmp

              Filesize

              488KB

              Download

            • memory/4760-12-0x0000000006CE0000-0x0000000006D7C000-memory.dmp

              Filesize

              624KB

              Download

            • memory/4760-14-0x0000000074CA0000-0x0000000075450000-memory.dmp

              Filesize

              7.7MB

              Download