0af8d47a09b1f5ea9544e89eb83e8a572b8a78fcb28db74ee523da4b1797cd3e

General

Target

e208ac05d1af344211cc16c917775b62.exe
Size

1.6MB
MD5

e208ac05d1af344211cc16c917775b62
SHA1

832cd36d393d277db2762b5426a13ecb440fb1b4
SHA256

0af8d47a09b1f5ea9544e89eb83e8a572b8a78fcb28db74ee523da4b1797cd3e
SHA512

50011e2bc24b9dc9fc63addac2f8aaa833298ce1d11f02706a31e43a07bfb08baec3611794d30c154f4df98cddd1ea5a31cd059a65407e88c1c95116e3e777a8

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

e208ac05d1af344211cc16c917775b62.exe

pid	process
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe
1856	e208ac05d1af344211cc16c917775b62.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e208ac05d1af344211cc16c917775b62.exe

description pid process

Token: SeDebugPrivilege 1856 e208ac05d1af344211cc16c917775b62.exe

description	pid	process
Token: SeDebugPrivilege	1856	e208ac05d1af344211cc16c917775b62.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

e208ac05d1af344211cc16c917775b62.exe

C:\Users\Admin\AppData\Local\Temp\e208ac05d1af344211cc16c917775b62.exe
"C:\Users\Admin\AppData\Local\Temp\e208ac05d1af344211cc16c917775b62.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1856

C:\Users\Admin\AppData\Local\Temp\e208ac05d1af344211cc16c917775b62.exe
"{path}"
2⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\e208ac05d1af344211cc16c917775b62.exe
"{path}"
2⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\e208ac05d1af344211cc16c917775b62.exe
"{path}"
2⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\e208ac05d1af344211cc16c917775b62.exe
"{path}"
2⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\e208ac05d1af344211cc16c917775b62.exe
"{path}"
2⤵
PID:1504

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1856-2-0x0000000074590000-0x0000000074C7E000-memory.dmp

Filesize
6.9MB

Download
memory/1856-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1856-5-0x0000000004F00000-0x0000000004F01000-memory.dmp

Filesize
4KB

Download
memory/1856-6-0x0000000000420000-0x0000000000422000-memory.dmp

Filesize
8KB

Download
memory/1856-7-0x0000000005D30000-0x0000000005D9F000-memory.dmp

Filesize
444KB

Download
memory/1856-8-0x00000000006B0000-0x00000000006DE000-memory.dmp

Filesize
184KB

Download

description	pid	process	target process
PID 1856 wrote to memory of 1336	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1336	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1336	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1336	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 568	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 568	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 568	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 568	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1612	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1612	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1612	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1612	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1704	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1704	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1704	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1704	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1504	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1504	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1504	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe
PID 1856 wrote to memory of 1504	1856	e208ac05d1af344211cc16c917775b62.exe	e208ac05d1af344211cc16c917775b62.exe

Analysis

Sharing