572e6066888624b7fa82b7bc17bbe0dc05440b4031cc71fc38f4d67a0571799e

General

Target

0e947ac360cb2f49dd978d7b4c4f9d6d.exe
Size

5.3MB
MD5

0e947ac360cb2f49dd978d7b4c4f9d6d
SHA1

f3aed046e7375894884411c3a99c9e9c554fa790
SHA256

572e6066888624b7fa82b7bc17bbe0dc05440b4031cc71fc38f4d67a0571799e
SHA512

3954aa22e97b039870ece0053a2ac3e1d8151068f32442116f4bad1f968c22983beaf3f5365623b6e3cbf299dc792c11897997c957c24c1c258c2993eeaf3552

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

0e947ac360cb2f49dd978d7b4c4f9d6d.exe

pid	process
484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0e947ac360cb2f49dd978d7b4c4f9d6d.exe

description pid process

Token: SeDebugPrivilege 484 0e947ac360cb2f49dd978d7b4c4f9d6d.exe

description	pid	process
Token: SeDebugPrivilege	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

0e947ac360cb2f49dd978d7b4c4f9d6d.exe

C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
"C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:484

C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
"C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
2⤵
PID:396

C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
"C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
2⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
"C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
2⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
"C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
2⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe
"C:\Users\Admin\AppData\Local\Temp\0e947ac360cb2f49dd978d7b4c4f9d6d.exe"
2⤵
PID:588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/484-60-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/484-62-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

Filesize
4KB

Download
memory/484-63-0x0000000000AB0000-0x0000000000AC3000-memory.dmp

Filesize
76KB

Download
memory/484-64-0x0000000007890000-0x0000000007908000-memory.dmp

Filesize
480KB

Download
memory/484-65-0x00000000009A0000-0x00000000009D0000-memory.dmp

Filesize
192KB

Download

description	pid	process	target process
PID 484 wrote to memory of 396	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 396	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 396	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 396	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 332	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 332	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 332	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 332	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1012	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1012	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1012	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1012	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1500	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1500	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1500	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 1500	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 588	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 588	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 588	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe
PID 484 wrote to memory of 588	484	0e947ac360cb2f49dd978d7b4c4f9d6d.exe	0e947ac360cb2f49dd978d7b4c4f9d6d.exe

Analysis

Sharing