d25be05d2b6dc4275fb36d639f4e3e4598e42b904d0748e0574941cb6899ba51

General

Target

nwamamassloga.scr
Size

6.0MB
MD5

8d3ae4916c4df02016b0ac0e900341e5
SHA1

6ccab03ec2c6ecfebc013dd39c84d03742f541e8
SHA256

d25be05d2b6dc4275fb36d639f4e3e4598e42b904d0748e0574941cb6899ba51
SHA512

8840533d06655949d54e8c7fba6a868c5244744226b574c4d5f25da84caddc4a6543bd7b5a8183278be29d0bdda5f29473a6c652f9d93ce6ad7278da41c2799f

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

nwamamassloga.scr

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

nwamamassloga.scr

description pid process

Token: SeDebugPrivilege 848 nwamamassloga.scr

description	pid	process
Token: SeDebugPrivilege	848	nwamamassloga.scr

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

nwamamassloga.scr

description	pid	process	target process
PID 848 wrote to memory of 1216	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1216	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1216	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1216	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1364	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1364	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1364	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1364	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1444	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1444	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1444	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1444	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1220	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1220	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1220	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 1220	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 608	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 608	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 608	848	nwamamassloga.scr	nwamamassloga.scr
PID 848 wrote to memory of 608	848	nwamamassloga.scr	nwamamassloga.scr

C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr
"C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr"
2⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr
"C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr"
2⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr
"C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr"
2⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr
"C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr"
2⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr
"C:\Users\Admin\AppData\Local\Temp\nwamamassloga.scr"
2⤵
PID:608

memory/848-2-0x00000000748D0000-0x0000000074FBE000-memory.dmp

Filesize
6.9MB

Download
memory/848-3-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/848-5-0x0000000004650000-0x00000000046E4000-memory.dmp

Filesize
592KB

Download