f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4

Analysis

max time kernel
130s
max time network
137s
platform
windows7_x64
resource
win7
submitted
30-06-2020 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8r9tVWwqo5U1Myj.exe
Size

774KB
MD5

da562b863edb03d976b5ba170ecb2961
SHA1

561696a793ce3ef7f39ca1045a034dd08ec3e7f1
SHA256

f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4
SHA512

41a7a86f71851e0a5ef6244fd33b25108209d6c0477a00b56539a2773ab497dca5c34dda693a8bf77ab3355b48c8096c6eff51be577a468a754cfa87bdbdbfa4

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

8r9tVWwqo5U1Myj.exe

pid process

1124 8r9tVWwqo5U1Myj.exe
1124 8r9tVWwqo5U1Myj.exe
1124 8r9tVWwqo5U1Myj.exe
1124 8r9tVWwqo5U1Myj.exe
1124 8r9tVWwqo5U1Myj.exe

pid	process
1124	8r9tVWwqo5U1Myj.exe
1124	8r9tVWwqo5U1Myj.exe
1124	8r9tVWwqo5U1Myj.exe
1124	8r9tVWwqo5U1Myj.exe
1124	8r9tVWwqo5U1Myj.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

8r9tVWwqo5U1Myj.exe

description	pid	process	target process
PID 1124 wrote to memory of 1288	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1288	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1288	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1288	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1424	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1424	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1424	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1424	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1436	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1436	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1436	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1436	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1440	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1440	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1440	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1440	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1452	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1452	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1452	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe
PID 1124 wrote to memory of 1452	1124	8r9tVWwqo5U1Myj.exe	8r9tVWwqo5U1Myj.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

8r9tVWwqo5U1Myj.exe

description pid process

Token: SeDebugPrivilege 1124 8r9tVWwqo5U1Myj.exe

description	pid	process
Token: SeDebugPrivilege	1124	8r9tVWwqo5U1Myj.exe

C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
"C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
PID:1124

C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
"{path}"
2⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
"{path}"
2⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
"{path}"
2⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
"{path}"
2⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\8r9tVWwqo5U1Myj.exe
"{path}"
2⤵
PID:1452

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads