65ca40e44ab6171794b0c81d8b80122604eff3aca4614901fcd30db1a5329cfb

General

Target

7nMMSdGgCXAfKsb.exe
Size

931KB
MD5

50439fc35eaebb32f1fdeba8ef12e7c2
SHA1

689a97e2c83d0e84aeca38c1330245149ef5ed0d
SHA256

65ca40e44ab6171794b0c81d8b80122604eff3aca4614901fcd30db1a5329cfb
SHA512

a80705235bbadac3c1d12d953016ddcb9ada91b28f442e61c5bc24babe7b0a39df9874fdbcc1687f28e594fc959b990a5a20be9ddb3f4540257964a1938ee9f0

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

7nMMSdGgCXAfKsb.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

7nMMSdGgCXAfKsb.exe

description pid process

Token: SeDebugPrivilege 892 7nMMSdGgCXAfKsb.exe

description	pid	process
Token: SeDebugPrivilege	892	7nMMSdGgCXAfKsb.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

7nMMSdGgCXAfKsb.exe

description	pid	process	target process
PID 892 wrote to memory of 848	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 848	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 848	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 848	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 1604	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 1604	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 1604	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 1604	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 568	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 568	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 568	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 568	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 676	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 676	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 676	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 676	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 524	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 524	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 524	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe
PID 892 wrote to memory of 524	892	7nMMSdGgCXAfKsb.exe	7nMMSdGgCXAfKsb.exe

memory/892-2-0x0000000073D30000-0x000000007441E000-memory.dmp

Filesize
6.9MB

Download
memory/892-3-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/892-5-0x0000000004A80000-0x0000000004A81000-memory.dmp

Filesize
4KB

Download
memory/892-6-0x0000000000210000-0x000000000021E000-memory.dmp

Filesize
56KB

Download
memory/892-7-0x0000000002130000-0x0000000002186000-memory.dmp

Filesize
344KB

Download