af0249150bee4fec74c124f89019cd260c9aacd7b7a7715192b5097f1948eb82

General

Target

53d1fe3209497d194e38201deb835924.exe
Size

2.1MB
MD5

53d1fe3209497d194e38201deb835924
SHA1

43f4315a82d7cd359aec38eac9fa37602d8baac6
SHA256

af0249150bee4fec74c124f89019cd260c9aacd7b7a7715192b5097f1948eb82
SHA512

a706c677811bc7b5b0368c840c00499b45c3f30e3b52350373e4475bfe90c8bfceee57100d28dece8ec3006382a0be5a8ae780e1c1d71acf43208301200128a2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

53d1fe3209497d194e38201deb835924.exe

pid	process
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe
1040	53d1fe3209497d194e38201deb835924.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

53d1fe3209497d194e38201deb835924.exe

description pid process

Token: SeDebugPrivilege 1040 53d1fe3209497d194e38201deb835924.exe

description	pid	process
Token: SeDebugPrivilege	1040	53d1fe3209497d194e38201deb835924.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

53d1fe3209497d194e38201deb835924.exe

C:\Users\Admin\AppData\Local\Temp\53d1fe3209497d194e38201deb835924.exe
"C:\Users\Admin\AppData\Local\Temp\53d1fe3209497d194e38201deb835924.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1040

C:\Users\Admin\AppData\Local\Temp\53d1fe3209497d194e38201deb835924.exe
"{path}"
2⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\53d1fe3209497d194e38201deb835924.exe
"{path}"
2⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\53d1fe3209497d194e38201deb835924.exe
"{path}"
2⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\53d1fe3209497d194e38201deb835924.exe
"{path}"
2⤵
PID:396

C:\Users\Admin\AppData\Local\Temp\53d1fe3209497d194e38201deb835924.exe
"{path}"
2⤵
PID:432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1040-59-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1040-61-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/1040-62-0x00000000007F0000-0x00000000007FE000-memory.dmp

Filesize
56KB

Download
memory/1040-63-0x0000000008FB0000-0x000000000905B000-memory.dmp

Filesize
684KB

Download
memory/1040-64-0x000000000BB40000-0x000000000BBB4000-memory.dmp

Filesize
464KB

Download

description	pid	process	target process
PID 1040 wrote to memory of 1060	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1060	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1060	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1060	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1352	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1352	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1352	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1352	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1232	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1232	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1232	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 1232	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 396	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 396	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 396	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 396	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 432	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 432	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 432	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe
PID 1040 wrote to memory of 432	1040	53d1fe3209497d194e38201deb835924.exe	53d1fe3209497d194e38201deb835924.exe

Analysis

Sharing