4508478f72d7aadcdaa5a076cee956fcf96eff8987bc77063bee1c7a8d0f8390

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 07:02

Target

SWIFT.exe
Size

108KB
MD5

45e1f17158de78fe84e61450678236c1
SHA1

81a8064a79805cdb9e47658cc5944ad04f7de100
SHA256

4508478f72d7aadcdaa5a076cee956fcf96eff8987bc77063bee1c7a8d0f8390
SHA512

f747ca641be2f440e38007abc026fc57fa56a255a7e50dcac996c82d5c85fe974c430c80d2b1e9dec4a94f8dbd5c23475ce06d58de21f0acb596b9a362b86b3c
SSDEEP

1536:E3vQ2Vo984tJ32d0zxBty01AGtNAjvpJla938l49V/Y2AeI+CukCToN:4vr34tQdUrty0lNAjvpJY/Y2AeI+uC

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3048	SWIFT.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2936	3048	SWIFT.exe	31
PID 3048 wrote to memory of 2936	3048	SWIFT.exe	31
PID 3048 wrote to memory of 2936	3048	SWIFT.exe	31
PID 3048 wrote to memory of 2936	3048	SWIFT.exe	31
PID 3048 wrote to memory of 2552	3048	SWIFT.exe	32
PID 3048 wrote to memory of 2552	3048	SWIFT.exe	32
PID 3048 wrote to memory of 2552	3048	SWIFT.exe	32
PID 3048 wrote to memory of 2552	3048	SWIFT.exe	32
PID 3048 wrote to memory of 2284	3048	SWIFT.exe	33
PID 3048 wrote to memory of 2284	3048	SWIFT.exe	33
PID 3048 wrote to memory of 2284	3048	SWIFT.exe	33
PID 3048 wrote to memory of 2284	3048	SWIFT.exe	33
PID 3048 wrote to memory of 2932	3048	SWIFT.exe	34
PID 3048 wrote to memory of 2932	3048	SWIFT.exe	34
PID 3048 wrote to memory of 2932	3048	SWIFT.exe	34
PID 3048 wrote to memory of 2932	3048	SWIFT.exe	34
PID 3048 wrote to memory of 2776	3048	SWIFT.exe	35
PID 3048 wrote to memory of 2776	3048	SWIFT.exe	35
PID 3048 wrote to memory of 2776	3048	SWIFT.exe	35
PID 3048 wrote to memory of 2776	3048	SWIFT.exe	35

C:\Users\Admin\AppData\Local\Temp\SWIFT.exe
"C:\Users\Admin\AppData\Local\Temp\SWIFT.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2936
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2552
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2284
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2932
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2776

memory/3048-0-0x000007FEF5C03000-0x000007FEF5C04000-memory.dmp

Filesize
4KB

Download
memory/3048-1-0x0000000000950000-0x0000000000970000-memory.dmp

Filesize
128KB

Download
memory/3048-2-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download
memory/3048-3-0x0000000000240000-0x000000000024A000-memory.dmp

Filesize
40KB

Download
memory/3048-4-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download