2db131a19b56e70ea942cc12d0ce7732c20a27284f1e44c25e7be8b164e6bcfd

General

Target

3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Size

1.4MB
MD5

0df8e282fcc2f29768fa1c09f5ebea66
SHA1

3f2b2c198c8fb32047920924695b8ccc01efb001
SHA256

3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3
SHA512

34de4f6bbb6967d13ac1912693519457d22d372bd1928724d40ee6c15893fe0675f48a7d3221da35439c398b0f08c5b0dc958d80020b62cabb382846b3308f88

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe

pid	process
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

Processes:

3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeSecurityPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeTakeOwnershipPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeLoadDriverPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeSystemProfilePrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeSystemtimePrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeProfSingleProcessPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeIncBasePriorityPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeCreatePagefilePrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeBackupPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeRestorePrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeShutdownPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeDebugPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeSystemEnvironmentPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeChangeNotifyPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeRemoteShutdownPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeUndockPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeManageVolumePrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeImpersonatePrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: SeCreateGlobalPrivilege	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: 33	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: 34	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: 35	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
Token: 36	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe

description	pid	process	target process
PID 728 wrote to memory of 1504	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe	cmd.exe
PID 728 wrote to memory of 1504	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe	cmd.exe
PID 728 wrote to memory of 1712	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe	conhost.exe
PID 728 wrote to memory of 1712	728	3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe	conhost.exe

C:\Users\Admin\AppData\Local\Temp\3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe
"C:\Users\Admin\AppData\Local\Temp\3befc90b32cbd8c426c62d8e0a6f62754b7cf336d807c763e224fae0767d74b3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:728

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
2⤵
PID:1504

C:\Windows\system32\conhost.exe
"C:\Windows\system32\conhost.exe"
2⤵
PID:1712

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1504-2-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads