07e858606138fffa52b802f81ca769f8d24ca1c774aedffc44d70bc4c8682753

General

Target

SC_TR11670000_pdf.exe
Size

791KB
MD5

5e2995a12ec2cf797d09fd95114aa311
SHA1

f6da1ad0c233b9207378f28f1ff9796f32f5f71b
SHA256

07e858606138fffa52b802f81ca769f8d24ca1c774aedffc44d70bc4c8682753
SHA512

b8cf408c57cdd13cffc9602d632c64c96578dab46928adeedd0d35fe78860e53c47bd1d58083aa1aa85b2d4a6aa3ec5c89d3da225dad799cea8848bee59956b5
SSDEEP

24576:KKJF5NFAMqHMt7hqad9MSvpd26ssKHFx:zJFZARHywSX2IKFx

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 2756 set thread context of 2940	2756	SC_TR11670000_pdf.exe	28
PID 2940 set thread context of 1184	2940	SC_TR11670000_pdf.exe	13
PID 2940 set thread context of 2808	2940	SC_TR11670000_pdf.exe	31
PID 2808 set thread context of 1184	2808	dvdplay.exe	13

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
2756	SC_TR11670000_pdf.exe
2756	SC_TR11670000_pdf.exe
2756	SC_TR11670000_pdf.exe
2756	SC_TR11670000_pdf.exe
2756	SC_TR11670000_pdf.exe
2756	SC_TR11670000_pdf.exe
2756	SC_TR11670000_pdf.exe
2756	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2940	SC_TR11670000_pdf.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe
2808	dvdplay.exe

Suspicious behavior: MapViewOfSection 5 IoCs

pid	Process
2940	SC_TR11670000_pdf.exe
1184	Explorer.EXE
1184	Explorer.EXE
2808	dvdplay.exe
2808	dvdplay.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2756	SC_TR11670000_pdf.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2940	2756	SC_TR11670000_pdf.exe	28
PID 2756 wrote to memory of 2940	2756	SC_TR11670000_pdf.exe	28
PID 2756 wrote to memory of 2940	2756	SC_TR11670000_pdf.exe	28
PID 2756 wrote to memory of 2940	2756	SC_TR11670000_pdf.exe	28
PID 2756 wrote to memory of 2940	2756	SC_TR11670000_pdf.exe	28
PID 2756 wrote to memory of 2940	2756	SC_TR11670000_pdf.exe	28
PID 2756 wrote to memory of 2940	2756	SC_TR11670000_pdf.exe	28
PID 1184 wrote to memory of 2808	1184	Explorer.EXE	31
PID 1184 wrote to memory of 2808	1184	Explorer.EXE	31
PID 1184 wrote to memory of 2808	1184	Explorer.EXE	31
PID 1184 wrote to memory of 2808	1184	Explorer.EXE	31

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Users\Admin\AppData\Local\Temp\SC_TR11670000_pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\SC_TR11670000_pdf.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\SC_TR11670000_pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\SC_TR11670000_pdf.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:2940
- C:\Windows\SysWOW64\dvdplay.exe
  "C:\Windows\SysWOW64\dvdplay.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-24-0x0000000008B70000-0x000000000991B000-memory.dmp

Filesize
13.7MB

Download
memory/1184-22-0x0000000003970000-0x0000000003B70000-memory.dmp

Filesize
2.0MB

Download
memory/1184-33-0x0000000008B70000-0x000000000991B000-memory.dmp

Filesize
13.7MB

Download
memory/2756-5-0x0000000000950000-0x0000000000962000-memory.dmp

Filesize
72KB

Download
memory/2756-0-0x0000000001080000-0x000000000114C000-memory.dmp

Filesize
816KB

Download
memory/2756-3-0x0000000000910000-0x0000000000930000-memory.dmp

Filesize
128KB

Download
memory/2756-6-0x0000000005250000-0x00000000052D8000-memory.dmp

Filesize
544KB

Download
memory/2756-7-0x0000000074CE0000-0x00000000753CE000-memory.dmp

Filesize
6.9MB

Download
memory/2756-1-0x0000000074CE0000-0x00000000753CE000-memory.dmp

Filesize
6.9MB

Download
memory/2756-4-0x0000000000940000-0x000000000094E000-memory.dmp

Filesize
56KB

Download
memory/2756-2-0x0000000004C00000-0x0000000004C40000-memory.dmp

Filesize
256KB

Download
memory/2756-17-0x0000000074CE0000-0x00000000753CE000-memory.dmp

Filesize
6.9MB

Download
memory/2756-15-0x0000000004C00000-0x0000000004C40000-memory.dmp

Filesize
256KB

Download
memory/2808-30-0x0000000000080000-0x00000000000BC000-memory.dmp

Filesize
240KB

Download
memory/2808-31-0x00000000004A0000-0x0000000000542000-memory.dmp

Filesize
648KB

Download
memory/2808-29-0x0000000000A30000-0x0000000000D33000-memory.dmp

Filesize
3.0MB

Download
memory/2808-34-0x0000000000080000-0x00000000000BC000-memory.dmp

Filesize
240KB

Download
memory/2808-26-0x0000000000080000-0x00000000000BC000-memory.dmp

Filesize
240KB

Download
memory/2808-25-0x0000000000080000-0x00000000000BC000-memory.dmp

Filesize
240KB

Download
memory/2808-35-0x00000000004A0000-0x0000000000542000-memory.dmp

Filesize
648KB

Download
memory/2940-19-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2940-23-0x00000000002B0000-0x00000000002D3000-memory.dmp

Filesize
140KB

Download
memory/2940-21-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2940-20-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2940-27-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2940-28-0x00000000002B0000-0x00000000002D3000-memory.dmp

Filesize
140KB

Download
memory/2940-18-0x0000000000950000-0x0000000000C53000-memory.dmp

Filesize
3.0MB

Download
memory/2940-16-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2940-14-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2940-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2940-10-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2940-8-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing