1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a

General

Target

1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
Size

783KB
MD5

fae8750fc4fbb827a87258ce330251a8
SHA1

1141f067de255d7442cfde1fc6991e20db57e4ba
SHA256

1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a
SHA512

251ecd8fda7a8cd4f5ca9c7714cbe4c5d9a12d329ae21e05757a8682b73abcc79b59d8f20105f3837eedd932c1b3473f6f58ef8fd1ae6ff3cb184692907192dc

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe

pid	process
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe

description pid process

Token: SeDebugPrivilege 1904 1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe

description	pid	process
Token: SeDebugPrivilege	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe

C:\Users\Admin\AppData\Local\Temp\1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
"C:\Users\Admin\AppData\Local\Temp\1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1904

C:\Users\Admin\AppData\Local\Temp\1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
"{path}"
2⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
"{path}"
2⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
"{path}"
2⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
"{path}"
2⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
"{path}"
2⤵
PID:524

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1904-0-0x0000000073AF0000-0x00000000741DE000-memory.dmp

Filesize
6.9MB

Download
memory/1904-1-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1904-3-0x00000000006A0000-0x00000000006B4000-memory.dmp

Filesize
80KB

Download
memory/1904-4-0x0000000005A80000-0x0000000005B27000-memory.dmp

Filesize
668KB

Download

description	pid	process	target process
PID 1904 wrote to memory of 1928	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1928	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1928	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1928	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1912	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1912	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1912	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1912	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1900	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1900	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1900	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1900	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1932	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1932	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1932	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 1932	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 524	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 524	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 524	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe
PID 1904 wrote to memory of 524	1904	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe	1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a.exe

Analysis

Sharing