5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b

General

Target

63a7dd2640491df5075a08bf335545a6.exe
Size

1.9MB
MD5

63a7dd2640491df5075a08bf335545a6
SHA1

6bcdaa6627936d1c438d47016ad12ff018895fa6
SHA256

5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b
SHA512

4e728c1d4d39efddc736c309fd5654cae0106ccaed8d40b9fc395a40576526e8e67afb6f974944c30ecf96476fe233aeeae56581d0647cb7d162ffbfeae0d756

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

63a7dd2640491df5075a08bf335545a6.exe

pid	process
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe
1652	63a7dd2640491df5075a08bf335545a6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

63a7dd2640491df5075a08bf335545a6.exe

description pid process

Token: SeDebugPrivilege 1652 63a7dd2640491df5075a08bf335545a6.exe

description	pid	process
Token: SeDebugPrivilege	1652	63a7dd2640491df5075a08bf335545a6.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

63a7dd2640491df5075a08bf335545a6.exe

C:\Users\Admin\AppData\Local\Temp\63a7dd2640491df5075a08bf335545a6.exe
"C:\Users\Admin\AppData\Local\Temp\63a7dd2640491df5075a08bf335545a6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\AppData\Local\Temp\63a7dd2640491df5075a08bf335545a6.exe
"{path}"
2⤵
PID:796

C:\Users\Admin\AppData\Local\Temp\63a7dd2640491df5075a08bf335545a6.exe
"{path}"
2⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\63a7dd2640491df5075a08bf335545a6.exe
"{path}"
2⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\63a7dd2640491df5075a08bf335545a6.exe
"{path}"
2⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\63a7dd2640491df5075a08bf335545a6.exe
"{path}"
2⤵
PID:908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-60-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1652-62-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/1652-63-0x0000000000960000-0x000000000096E000-memory.dmp

Filesize
56KB

Download
memory/1652-64-0x00000000057B0000-0x000000000582D000-memory.dmp

Filesize
500KB

Download
memory/1652-65-0x00000000050B0000-0x00000000050DD000-memory.dmp

Filesize
180KB

Download

description	pid	process	target process
PID 1652 wrote to memory of 796	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 796	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 796	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 796	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 876	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 876	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 876	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 876	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 560	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 560	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 560	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 560	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 1032	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 1032	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 1032	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 1032	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 908	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 908	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 908	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe
PID 1652 wrote to memory of 908	1652	63a7dd2640491df5075a08bf335545a6.exe	63a7dd2640491df5075a08bf335545a6.exe

Analysis

Sharing