3bb4ba1af57ec635228b43c11b676612091f37e15b6578fca48e9a14195a9cd5

Analysis

max time kernel
43s
max time network
15s
platform
windows7_x64
resource
win7v20201028
submitted
25-01-2021 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Yu2iMnAJBdOGPyv.exe
Size

571KB
MD5

233d36fdcbfe2e9908434fc8e48034b4
SHA1

3ece9b158bb00a02bc9c0662e4c36ab0948f9a5f
SHA256

3bb4ba1af57ec635228b43c11b676612091f37e15b6578fca48e9a14195a9cd5
SHA512

a5cc94f535f7cc2b1e5191a911c90b5343c33ba1d80b4dcc8827855a3f7246e91d7c88f29bd4f60519a8c53f19b6f37b428c307f7fdc0df5268d3ee05acc4ea9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Yu2iMnAJBdOGPyv.exe

pid	process
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe
1668	Yu2iMnAJBdOGPyv.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Yu2iMnAJBdOGPyv.exe

description pid process

Token: SeDebugPrivilege 1668 Yu2iMnAJBdOGPyv.exe

description	pid	process
Token: SeDebugPrivilege	1668	Yu2iMnAJBdOGPyv.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Yu2iMnAJBdOGPyv.exe

description	pid	process	target process
PID 1668 wrote to memory of 1584	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1584	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1584	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1584	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1704	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1704	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1704	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1704	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1568	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1568	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1568	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1568	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1064	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1064	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1064	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 1064	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 872	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 872	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 872	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe
PID 1668 wrote to memory of 872	1668	Yu2iMnAJBdOGPyv.exe	Yu2iMnAJBdOGPyv.exe

C:\Users\Admin\AppData\Local\Temp\Yu2iMnAJBdOGPyv.exe
"C:\Users\Admin\AppData\Local\Temp\Yu2iMnAJBdOGPyv.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\Yu2iMnAJBdOGPyv.exe
"{path}"
2⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Yu2iMnAJBdOGPyv.exe
"{path}"
2⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Yu2iMnAJBdOGPyv.exe
"{path}"
2⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Yu2iMnAJBdOGPyv.exe
"{path}"
2⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Yu2iMnAJBdOGPyv.exe
"{path}"
2⤵
PID:872

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-2-0x0000000074B31000-0x0000000074B33000-memory.dmp

Filesize
8KB

Download
memory/1668-3-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1668-4-0x0000000000541000-0x0000000000542000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads