33f302f22ca7cfa4de06befaab200c53337b218196a9ef16ff6139d7f09a9b87

General

Target

VCS58GQMhuCYghC.exe
Size

937KB
MD5

e36cffd41bac0837943e65c6e96d8f82
SHA1

048bdd4d332b56b10b7505800b4a869d91b4670e
SHA256

33f302f22ca7cfa4de06befaab200c53337b218196a9ef16ff6139d7f09a9b87
SHA512

7c87990fd8cc633280a85d7ab81e6a24edc89053ec58400eb5b0444276540cd4d21ce518086da8dca86fa1febf969f284dd037877ff29f357226fb25a7701dfb

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

VCS58GQMhuCYghC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

VCS58GQMhuCYghC.exe

description pid process

Token: SeDebugPrivilege 292 VCS58GQMhuCYghC.exe

description	pid	process
Token: SeDebugPrivilege	292	VCS58GQMhuCYghC.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

VCS58GQMhuCYghC.exe

description	pid	process	target process
PID 292 wrote to memory of 1552	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1552	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1552	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1552	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 848	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 848	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 848	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 848	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 284	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 284	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 284	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 284	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1696	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1696	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1696	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1696	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1728	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1728	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1728	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe
PID 292 wrote to memory of 1728	292	VCS58GQMhuCYghC.exe	VCS58GQMhuCYghC.exe

C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe
"C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe"
2⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe
"C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe"
2⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe
"C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe"
2⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe
"C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe"
2⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe
"C:\Users\Admin\AppData\Local\Temp\VCS58GQMhuCYghC.exe"
2⤵
PID:1728

memory/292-2-0x0000000076861000-0x0000000076863000-memory.dmp

Filesize
8KB

Download
memory/292-3-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/292-4-0x0000000002151000-0x0000000002152000-memory.dmp

Filesize
4KB

Download