Overview

overview

3

Static

static

1

SwiftPOS.A...ng.exe

windows7-x64

3

SwiftPOS.A...ng.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SwiftPOS.Advertising.exe

  • Size

    1.6MB

  • MD5

    cc2be3f9d1069cd33e9ef19337feac00

  • SHA1

    7fdc9d26174a12e3a8ddbb99d2dc5e989902a2ea

  • SHA256

    9e29c2ace0848712f41e6f3e4cbf1d894aa860cc774c8a622f55883c235d5a56

  • SHA512

    a56d3dfcd9139c6842026ddba5697fbada49e0b2e9b0b74b1e13ba12ecde59f8bd8e2d3111c4bd1239fadb1db8f456b0ae024f5c1bdac5072d7d59cbec56d6c8

  • SSDEEP

    24576:HdvxxLF6WvX2BLGJsPk9tro9OYI2QKv18Y5xP/OdgX:JjPiGJsPk9tUI2TvnzP/OW

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SwiftPOS.Advertising.exe
    "C:\Users\Admin\AppData\Local\Temp\SwiftPOS.Advertising.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3276
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 1216
      2⤵
      • Program crash
      PID:2184
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3276 -ip 3276
    1⤵
      PID:3452

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3276-0-0x0000000000720000-0x00000000008C6000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3276-1-0x0000000075210000-0x00000000759C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3276-2-0x00000000052E0000-0x00000000052F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3276-3-0x00000000052F0000-0x000000000538C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/3276-5-0x0000000005390000-0x0000000005422000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3276-4-0x0000000005940000-0x0000000005EE4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3276-6-0x00000000052B0000-0x00000000052BA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3276-7-0x0000000005490000-0x00000000054E6000-memory.dmp

      Filesize

      344KB

      Download

    • memory/3276-8-0x0000000075210000-0x00000000759C0000-memory.dmp

      Filesize

      7.7MB

      Download