6924f403a387ba96d118aeea9969ecb6e3265776a78029553dd4adbd93fe567c

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 07:26

Target

swift_payment_pdf.exe
Size

713KB
MD5

8e32f87b4f51fac392122d3c43b2e54f
SHA1

ac11a7300dbec0d2b67e549b97d3a1ab4e30c94a
SHA256

e7c888a111eeb26eec94afc97e0f9b838fda41ab74e083cb5b94f06800890d2d
SHA512

e44f6575dc27347ffdd64465539ce58159ddbf0778d548973edb22ab18fb5aa735eb2328a6f1f144c59142d06036679da5979e2356105b23f42e260a3e80c655
SSDEEP

12288:05m/rFrlNf+wr8l1KwycLpArl/8zmT+khGodl+wP9934t/SLEhLpZNdfT:RFBuEwyc1AhEzpmGMl+wP9p4JlNp

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

swift_payment_pdf.exe

description pid process target process

PID 2568 set thread context of 2728 2568 swift_payment_pdf.exe swift_payment_pdf.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

swift_payment_pdf.exe

pid process

2728 swift_payment_pdf.exe
2728 swift_payment_pdf.exe
2728 swift_payment_pdf.exe
2728 swift_payment_pdf.exe
2728 swift_payment_pdf.exe
2728 swift_payment_pdf.exe
2728 swift_payment_pdf.exe

description	pid	process	target process
PID 2568 set thread context of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

swift_payment_pdf.exe

description	pid	process	target process
PID 2568 wrote to memory of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe
PID 2568 wrote to memory of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe
PID 2568 wrote to memory of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe
PID 2568 wrote to memory of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe
PID 2568 wrote to memory of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe
PID 2568 wrote to memory of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe
PID 2568 wrote to memory of 2728	2568	swift_payment_pdf.exe	swift_payment_pdf.exe

C:\Users\Admin\AppData\Local\Temp\swift_payment_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\swift_payment_pdf.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2728

memory/2568-13-0x0000000074410000-0x0000000074AFE000-memory.dmp

Filesize
6.9MB

Download
memory/2568-12-0x000000007441E000-0x000000007441F000-memory.dmp

Filesize
4KB

Download
memory/2568-2-0x0000000074410000-0x0000000074AFE000-memory.dmp

Filesize
6.9MB

Download
memory/2568-3-0x00000000004E0000-0x00000000004FA000-memory.dmp

Filesize
104KB

Download
memory/2568-0-0x000000007441E000-0x000000007441F000-memory.dmp

Filesize
4KB

Download
memory/2568-5-0x00000000003D0000-0x00000000003DC000-memory.dmp

Filesize
48KB

Download
memory/2568-1-0x00000000002C0000-0x0000000000378000-memory.dmp

Filesize
736KB

Download
memory/2568-6-0x0000000004DB0000-0x0000000004E3A000-memory.dmp

Filesize
552KB

Download
memory/2568-4-0x0000000000390000-0x0000000000398000-memory.dmp

Filesize
32KB

Download
memory/2728-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2728-11-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2728-8-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2728-7-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2728-14-0x0000000000830000-0x0000000000B33000-memory.dmp

Filesize
3.0MB

Download
memory/2728-15-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2728-16-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download