9e189d8d48a66d2f53c972275642da7cbc8ad51b20f04cf1d592bef360db50cf

General

Target

5551346aa9f251895021b95a2a7cc390.exe
Size

650KB
MD5

5551346aa9f251895021b95a2a7cc390
SHA1

acbcecf7599d3c33f6f2a36c0947cfc633d0a406
SHA256

9e189d8d48a66d2f53c972275642da7cbc8ad51b20f04cf1d592bef360db50cf
SHA512

35e43a0f2ef1dd2dfaf921d8af3a4f3ef0f4675479d496141358561c84a3b8c8b1a5bd9497fe6c26757d3e6637edab538ac587d73bc6d47e9b90b751abf55ba3

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

5551346aa9f251895021b95a2a7cc390.exe

pid	process
1116	5551346aa9f251895021b95a2a7cc390.exe
1116	5551346aa9f251895021b95a2a7cc390.exe
1116	5551346aa9f251895021b95a2a7cc390.exe
1116	5551346aa9f251895021b95a2a7cc390.exe
1116	5551346aa9f251895021b95a2a7cc390.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

5551346aa9f251895021b95a2a7cc390.exe

description pid process

Token: SeDebugPrivilege 1116 5551346aa9f251895021b95a2a7cc390.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

5551346aa9f251895021b95a2a7cc390.exe

pid process

1116 5551346aa9f251895021b95a2a7cc390.exe
1116 5551346aa9f251895021b95a2a7cc390.exe

description	pid	process
Token: SeDebugPrivilege	1116	5551346aa9f251895021b95a2a7cc390.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

5551346aa9f251895021b95a2a7cc390.exe

C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe
"C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1116

C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe
"C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe"
2⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe
"C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe"
2⤵
PID:396

C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe
"C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe"
2⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe
"C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe"
2⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe
"C:\Users\Admin\AppData\Local\Temp\5551346aa9f251895021b95a2a7cc390.exe"
2⤵
PID:572

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1116-59-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1116-61-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

Filesize
4KB

Download
memory/1116-62-0x0000000004EA1000-0x0000000004EA2000-memory.dmp

Filesize
4KB

Download
memory/1116-63-0x0000000004EA2000-0x0000000004EA3000-memory.dmp

Filesize
4KB

Download
memory/1116-64-0x00000000009E0000-0x00000000009EE000-memory.dmp

Filesize
56KB

Download
memory/1116-65-0x0000000005F70000-0x0000000005FE8000-memory.dmp

Filesize
480KB

Download
memory/1116-66-0x0000000002470000-0x00000000024A0000-memory.dmp

Filesize
192KB

Download

description	pid	process	target process
PID 1116 wrote to memory of 472	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 472	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 472	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 472	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 396	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 396	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 396	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 396	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 1772	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 1772	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 1772	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 1772	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 268	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 268	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 268	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 268	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 572	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 572	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 572	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe
PID 1116 wrote to memory of 572	1116	5551346aa9f251895021b95a2a7cc390.exe	5551346aa9f251895021b95a2a7cc390.exe

Analysis

Sharing