General
  Target:    PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
  Filesize:  781KB
  Completed: 03-06-2020 12:06
  Task:      behavioral1
  Score:     1/10

  MD5:    f31581564b5bbc14d3c862c2be157a52
  SHA1:   64e62fe3198a16cb205acd31400af967ad3dd347
  SHA256: 7c0f66eed3a2fc7c90ab5db03483aada693894a77a1480e22521ccf422a08ba3
  SHA512: ded28a91894313cbdd5678ec191c1e138d524ce3785ca96a255b2bc09cf5f18b8d287a48cf6b754d658f5ab70d95f933899208dc54c21f6b113a0e87200f3f1a
Malware Config
Signatures 3
Suspicious use of AdjustPrivilegeToken
  Process: PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
  Reported IOCs
    description              pid   process
    Token: SeDebugPrivilege  1400  PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe

Suspicious behavior: EnumeratesProcesses
  Process: PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
  Reported IOCs
    pid   process
    1400  PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   (reported 7 times)

Suspicious use of WriteProcessMemory
  Process: PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
  Reported IOCs
    description                        pid   process                                     target process
    PID 1400 wrote to memory of 1616   1400  PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   (reported 4 times)
    PID 1400 wrote to memory of 1568   1400  PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   (reported 4 times)
    PID 1400 wrote to memory of 1564   1400  PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   (reported 4 times)
    PID 1400 wrote to memory of 1544   1400  PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   (reported 4 times)
    PID 1400 wrote to memory of 1584   1400  PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe   (reported 4 times)
Processes 6

  - C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe"
      Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory

  - C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
      Command line: "{path}"

  - C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
      Command line: "{path}"

  - C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
      Command line: "{path}"

  - C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
      Command line: "{path}"

  - C:\Users\Admin\AppData\Local\Temp\PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe
      Command line: "{path}"
Network

MITRE ATT&CK Matrix
  Tactics (columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation