General
Target: Exes_5b4bd24d6240f467bfbc74803c9f15b0.1
Sample: 190729-yt7yv8a68x
SHA256: 14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
Score: N/A
Malware Config
Signatures

Suspicious use of WriteProcessMemory (1 TTPs, 1 IoCs)
  description | pid
  PID 2024 wrote to memory of 1952 | 1952

Suspicious use of WriteProcessMemory (1 TTPs, 4 IoCs)
  description | pid
  PID 1952 wrote to memory of 1344 | 1344
  PID 1952 wrote to memory of 352 | 352
  PID 1952 wrote to memory of 1996 | 1996
  PID 1952 wrote to memory of 1760 | 1760

Suspicious use of AdjustPrivilegeToken (1 TTPs, 1 IoCs)
  description
  Token: SeDebugPrivilege

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow (1 TTPs)

Suspicious use of SendNotifyMessage (1 TTPs)

powershell_execpolicy (1 TTPs)

Suspicious use of AdjustPrivilegeToken (1 TTPs, 1 IoCs)
  description
  Token: SeDebugPrivilege

Suspicious behavior: EnumeratesProcesses

powershell_execpolicy (1 TTPs)

Suspicious use of WriteProcessMemory (1 TTPs, 1 IoCs)
  description | pid
  PID 352 wrote to memory of 1756 | 1756

Suspicious use of AdjustPrivilegeToken (1 TTPs, 1 IoCs)
  description
  Token: SeDebugPrivilege

Suspicious behavior: EnumeratesProcesses

Deletes itself (1 TTPs)