Tasks
  task1
  task2
General
  Target:  m)hhm.exe
  Sample:  190730-twrv8j2yqn
  SHA256:  f868e88eb2524d15cfcd87afdf697074e0f9785792f342044501347dce549a1f
  Score:   N/A

Malware Config
  (none extracted)
Signatures

Suspicious use of WriteProcessMemory  (1 TTP, 8 IoCs)
  description                          pid
  PID 2476 wrote to memory of 2516     2516
  PID 2476 wrote to memory of 2636     2636
  PID 2476 wrote to memory of 3456     3456
  PID 2476 wrote to memory of 2376     2376
  PID 2476 wrote to memory of 3916     3916
  PID 2476 wrote to memory of 3884     3884
  PID 2476 wrote to memory of 2664     2664
  PID 2476 wrote to memory of 2456     2456

Enumerates processes with tasklist  (1 TTP)

Suspicious use of AdjustPrivilegeToken  (1 TTP, 1 IoC)
  description
  Token: SeDebugPrivilege

Suspicious use of WriteProcessMemory  (1 TTP, 1 IoC)
  description                          pid
  PID 2376 wrote to memory of 1676     1676

Suspicious use of AdjustPrivilegeToken  (1 TTP, 21 IoCs)
  description
  Token: SeIncreaseQuotaPrivilege
  Token: SeSecurityPrivilege
  Token: SeTakeOwnershipPrivilege
  Token: SeLoadDriverPrivilege
  Token: SeSystemProfilePrivilege
  Token: SeSystemtimePrivilege
  Token: SeProfSingleProcessPrivilege
  Token: SeIncBasePriorityPrivilege
  Token: SeCreatePagefilePrivilege
  Token: SeBackupPrivilege
  Token: SeRestorePrivilege
  Token: SeShutdownPrivilege
  Token: SeDebugPrivilege
  Token: SeSystemEnvironmentPrivilege
  Token: SeRemoteShutdownPrivilege
  Token: SeUndockPrivilege
  Token: SeManageVolumePrivilege
  Token: 33
  Token: 34
  Token: 35
  Token: 36

Enumerates processes with tasklist  (1 TTP)

Suspicious use of AdjustPrivilegeToken  (1 TTP, 1 IoC)
  description
  Token: SeDebugPrivilege

Suspicious use of WriteProcessMemory  (1 TTP, 1 IoC)
  description                          pid
  PID 2456 wrote to memory of 3940     3940

Suspicious use of AdjustPrivilegeToken  (1 TTP, 21 IoCs)
  description
  Token: SeIncreaseQuotaPrivilege
  Token: SeSecurityPrivilege
  Token: SeTakeOwnershipPrivilege
  Token: SeLoadDriverPrivilege
  Token: SeSystemProfilePrivilege
  Token: SeSystemtimePrivilege
  Token: SeProfSingleProcessPrivilege
  Token: SeIncBasePriorityPrivilege
  Token: SeCreatePagefilePrivilege
  Token: SeBackupPrivilege
  Token: SeRestorePrivilege
  Token: SeShutdownPrivilege
  Token: SeDebugPrivilege
  Token: SeSystemEnvironmentPrivilege
  Token: SeRemoteShutdownPrivilege
  Token: SeUndockPrivilege
  Token: SeManageVolumePrivilege
  Token: 33
  Token: 34
  Token: 35
  Token: 36

Suspicious use of WriteProcessMemory  (1 TTP, 1 IoC)
  description                          pid
  PID 2576 wrote to memory of 1460     1460
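The WriteProcessMemory IoCs above are more useful read as a graph than as a flat list: PID 2476 writes into eight processes, and two of those targets (2376 and 2456) then write into further processes (1676 and 3940), which is the shape of a staged injection. The report also leaves four privilege LUIDs unresolved (33 to 36); those values are the winnt.h constants SE_INC_WORKING_SET_PRIVILEGE, SE_TIME_ZONE_PRIVILEGE, SE_CREATE_SYMBOLIC_LINK_PRIVILEGE and SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE, and together with the 17 named ones the list is the full privilege set of an elevated administrator token, which suggests code that enables every privilege the token already holds rather than requesting one in particular. The script below is an added example, not output of the sandbox or code from the sample: it parses the IoC strings exactly as they appear in this report (copied inline as constructed input), rebuilds the writer-to-target chains, and resolves the numeric LUIDs.

```python
"""Reconstruct cross-process write chains and privilege usage from a sandbox
report's signature IoCs.  Added example; the IoC text below is copied from the
report above as constructed input, and the LUID table comes from winnt.h."""
import re
from collections import defaultdict

# "wrote to memory of" IoCs exactly as listed in the report (constructed input).
WRITE_IOCS = """
PID 2476 wrote to memory of 2516
PID 2476 wrote to memory of 2636
PID 2476 wrote to memory of 3456
PID 2476 wrote to memory of 2376
PID 2476 wrote to memory of 3916
PID 2476 wrote to memory of 3884
PID 2476 wrote to memory of 2664
PID 2476 wrote to memory of 2456
PID 2376 wrote to memory of 1676
PID 2456 wrote to memory of 3940
PID 2576 wrote to memory of 1460
"""

# A subset of the AdjustPrivilegeToken IoCs, including the unresolved LUIDs.
TOKEN_IOCS = """
Token: SeIncreaseQuotaPrivilege
Token: SeDebugPrivilege
Token: 33
Token: 34
Token: 35
Token: 36
"""

# Privilege LUIDs the sandbox did not name; values are the SE_*_PRIVILEGE
# constants from winnt.h.
WELL_KNOWN_LUIDS = {
    33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
TOKEN_RE = re.compile(r"Token: (\S+)")


def parse_writes(text):
    """Return {writer_pid: [target_pid, ...]} in report order."""
    edges = defaultdict(list)
    for m in WRITE_RE.finditer(text):
        edges[int(m.group(1))].append(int(m.group(2)))
    return dict(edges)


def injection_chains(edges):
    """Walk writer->target edges from each root writer (a PID nothing wrote into)
    and return every root-to-leaf path, longest first.  A path longer than two
    PIDs means a process that was written into went on to write into another
    process: a staged injection rather than a single parent-to-child write."""
    targets = {t for ts in edges.values() for t in ts}
    roots = [p for p in edges if p not in targets]
    chains = []

    def walk(path, seen):
        nxt = [t for t in edges.get(path[-1], []) if t not in seen]  # cycle guard
        if not nxt:
            chains.append(path)
            return
        for t in nxt:
            walk(path + [t], seen | {t})

    for r in roots:
        walk([r], {r})
    return sorted(chains, key=lambda c: (-len(c), c))


def staged_injections(edges):
    """Only the chains with at least one intermediate process."""
    return [c for c in injection_chains(edges) if len(c) > 2]


def parse_tokens(text):
    """Resolve 'Token: <name or LUID>' lines to privilege names."""
    names = []
    for m in TOKEN_RE.finditer(text):
        v = m.group(1)
        names.append(WELL_KNOWN_LUIDS.get(int(v), f"LUID:{v}") if v.isdigit() else v)
    return names


if __name__ == "__main__":
    edges = parse_writes(WRITE_IOCS)
    for chain in injection_chains(edges):
        print(" -> ".join(str(p) for p in chain))
    print(parse_tokens(TOKEN_IOCS))
```

The sandbox table records only the writer and the target PID, not whether the target was a freshly created child or an existing process, so the chains say where memory was written, not which injection technique was used; the process tree for each task is needed to tell a hollowed child apart from a write into an unrelated process, and SeDebugPrivilege is the IoC that matters for the latter case.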