b2ffebf2df5b70d6866b2bb65a56ecafa59371fc78f3690790bb273c715df683

Analysis

Target

01a083f4_extracted.exe
Size

146KB
MD5

c5c6f5d743b1d2391b150c9740db22ba
SHA1

f033a2fab1ad3a6e8d4ab08730654fc6f3482a4e
SHA256

b2ffebf2df5b70d6866b2bb65a56ecafa59371fc78f3690790bb273c715df683
SHA512

6bf5d23f2f82b02dd194716d747b99858823915fccb09b39a842f5a221b2d933e8c53d0158fe4806bde644f96aa9d28699ec4ab702d71e55d93feb0f384f843e

Score

1^/10

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

2940 taskkill.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

01a083f4_extracted.exetaskkill.exe

description pid process

Token: SeDebugPrivilege 652 01a083f4_extracted.exe
Token: SeDebugPrivilege 2940 taskkill.exe

pid	process
2940	taskkill.exe

description	pid	process
Token: SeDebugPrivilege	652	01a083f4_extracted.exe
Token: SeDebugPrivilege	2940	taskkill.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

01a083f4_extracted.execmd.exe

description	pid	process	target process
PID 652 wrote to memory of 208	652	01a083f4_extracted.exe	cmd.exe
PID 652 wrote to memory of 208	652	01a083f4_extracted.exe	cmd.exe
PID 652 wrote to memory of 208	652	01a083f4_extracted.exe	cmd.exe
PID 208 wrote to memory of 2940	208	cmd.exe	taskkill.exe
PID 208 wrote to memory of 2940	208	cmd.exe	taskkill.exe
PID 208 wrote to memory of 2940	208	cmd.exe	taskkill.exe
PID 208 wrote to memory of 2640	208	cmd.exe	choice.exe
PID 208 wrote to memory of 2640	208	cmd.exe	choice.exe
PID 208 wrote to memory of 2640	208	cmd.exe	choice.exe

C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C taskkill /F /PID 652 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\01a083f4_extracted.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:208

memory/208-12-0x0000000000000000-mapping.dmp

Download
memory/652-2-0x0000000073DC0000-0x00000000744AE000-memory.dmp

Filesize
6.9MB

Download
memory/652-3-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/652-5-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

Filesize
4KB

Download
memory/652-6-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

Filesize
4KB

Download
memory/652-7-0x0000000005800000-0x0000000005801000-memory.dmp

Filesize
4KB

Download
memory/652-8-0x0000000004EC0000-0x0000000004EC1000-memory.dmp

Filesize
4KB

Download
memory/652-9-0x0000000005230000-0x0000000005231000-memory.dmp

Filesize
4KB

Download
memory/652-10-0x0000000005270000-0x0000000005271000-memory.dmp

Filesize
4KB

Download
memory/652-11-0x0000000005430000-0x0000000005431000-memory.dmp

Filesize
4KB

Download
memory/2640-14-0x0000000000000000-mapping.dmp

Download
memory/2940-13-0x0000000000000000-mapping.dmp

Download