be34c89f025f7c0309049f197eb3c50402094440bb8f83cc554975c674ad304d

Analysis

max time kernel
112s
max time network
117s
platform
windows7_x64
resource
win7
submitted
24-06-2020 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hf3cTSc1CVm268N.exe
Size

436KB
MD5

5e4518fbae6a46e0a54f8ac692228635
SHA1

d4d2a3292d21280cdbd1cb60da182e8a266d22d3
SHA256

be34c89f025f7c0309049f197eb3c50402094440bb8f83cc554975c674ad304d
SHA512

47a5c77e4bfac853e97e31cb71cc4196612c63898e9245dac59c78a5e182f2adc9b789ce28195bc5d06ac335664c08da22d0026380f7b30e1b17fb51870c995c

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

hf3cTSc1CVm268N.exe

pid process

1768 hf3cTSc1CVm268N.exe
1768 hf3cTSc1CVm268N.exe
1768 hf3cTSc1CVm268N.exe
1768 hf3cTSc1CVm268N.exe
1768 hf3cTSc1CVm268N.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

hf3cTSc1CVm268N.exe

description pid process

Token: SeDebugPrivilege 1768 hf3cTSc1CVm268N.exe

pid	process
1768	hf3cTSc1CVm268N.exe
1768	hf3cTSc1CVm268N.exe
1768	hf3cTSc1CVm268N.exe
1768	hf3cTSc1CVm268N.exe
1768	hf3cTSc1CVm268N.exe

description	pid	process
Token: SeDebugPrivilege	1768	hf3cTSc1CVm268N.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

hf3cTSc1CVm268N.exe

description	pid	process	target process
PID 1768 wrote to memory of 1844	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1844	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1844	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1844	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1860	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1860	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1860	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1860	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1384	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1384	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1384	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1384	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1888	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1888	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1888	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1888	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1880	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1880	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1880	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe
PID 1768 wrote to memory of 1880	1768	hf3cTSc1CVm268N.exe	hf3cTSc1CVm268N.exe

C:\Users\Admin\AppData\Local\Temp\hf3cTSc1CVm268N.exe
"C:\Users\Admin\AppData\Local\Temp\hf3cTSc1CVm268N.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1768

C:\Users\Admin\AppData\Local\Temp\hf3cTSc1CVm268N.exe
"{path}"
2⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\hf3cTSc1CVm268N.exe
"{path}"
2⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\hf3cTSc1CVm268N.exe
"{path}"
2⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\hf3cTSc1CVm268N.exe
"{path}"
2⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\hf3cTSc1CVm268N.exe
"{path}"
2⤵
PID:1880

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads