b073ef66058998fc6ee7c61fb6eeaffe28a816f36dda995edcd1a6e893deedd3

General

Target

cc17df44b8e738bbe7614e5b0fbaf229.exe
Size

908KB
MD5

cc17df44b8e738bbe7614e5b0fbaf229
SHA1

0501119c5e52d771b127764f7fffb5f38c6c45b1
SHA256

b073ef66058998fc6ee7c61fb6eeaffe28a816f36dda995edcd1a6e893deedd3
SHA512

d0e61e958740521e2463989037236cd87579ffef430e9eca263c70dbcadc160c44a015b1dd3411c0240374aa6a1cf7b47946b775eebccc004a52c1aad3371bc8

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

cc17df44b8e738bbe7614e5b0fbaf229.exe

pid	process
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe
784	cc17df44b8e738bbe7614e5b0fbaf229.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

cc17df44b8e738bbe7614e5b0fbaf229.exe

description pid process

Token: SeDebugPrivilege 784 cc17df44b8e738bbe7614e5b0fbaf229.exe

description	pid	process
Token: SeDebugPrivilege	784	cc17df44b8e738bbe7614e5b0fbaf229.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

cc17df44b8e738bbe7614e5b0fbaf229.exe

C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe
"C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:784

C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe
"C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe"
2⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe
"C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe"
2⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe
"C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe"
2⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe
"C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe"
2⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe
"C:\Users\Admin\AppData\Local\Temp\cc17df44b8e738bbe7614e5b0fbaf229.exe"
2⤵
PID:1680

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/784-2-0x0000000073D40000-0x000000007442E000-memory.dmp

Filesize
6.9MB

Download
memory/784-3-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/784-5-0x00000000006A0000-0x00000000006C3000-memory.dmp

Filesize
140KB

Download
memory/784-6-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/784-7-0x00000000073A0000-0x0000000007409000-memory.dmp

Filesize
420KB

Download

description	pid	process	target process
PID 784 wrote to memory of 1628	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 1628	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 1628	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 1628	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 324	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 324	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 324	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 324	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 840	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 840	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 840	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 840	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 336	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 336	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 336	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 336	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 1680	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 1680	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 1680	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe
PID 784 wrote to memory of 1680	784	cc17df44b8e738bbe7614e5b0fbaf229.exe	cc17df44b8e738bbe7614e5b0fbaf229.exe

Analysis

Sharing