9f90191394c86e462f3996211403debe1cc0ffdc6de6e1700aa59f680641dc33

Analysis

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

JUSTF2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

JUSTF2.exe

description pid process

Token: SeDebugPrivilege 1096 JUSTF2.exe

description	pid	process
Token: SeDebugPrivilege	1096	JUSTF2.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

JUSTF2.exe

description	pid	process	target process
PID 1096 wrote to memory of 1560	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1560	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1560	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1560	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1740	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1740	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1740	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1740	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1212	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1212	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1212	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1212	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1092	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1092	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1092	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 1092	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 604	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 604	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 604	1096	JUSTF2.exe	JUSTF2.exe
PID 1096 wrote to memory of 604	1096	JUSTF2.exe	JUSTF2.exe

C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe
"C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe
  "C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe"
  2⤵
  PID:1560
- C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe
  "C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe"
  2⤵
  PID:1740
- C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe
  "C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe"
  2⤵
  PID:1212
- C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe
  "C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe"
  2⤵
  PID:1092
- C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe
  "C:\Users\Admin\AppData\Local\Temp\JUSTF2.exe"
  2⤵
  PID:604

memory/1096-2-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1096-3-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/1096-4-0x0000000000831000-0x0000000000832000-memory.dmp

Filesize
4KB

Download