eb8c5fa3da30f5d972e7d30767099990aadce5af9e046a2765b0c64222eab118

General

Target

e9777bb4_by_Libranalysis.exe
Size

920KB
MD5

e9777bb4745f38009a1d806392a437e5
SHA1

76ffc32ba98dd84e396af77ad4311d99b3a1bbb0
SHA256

eb8c5fa3da30f5d972e7d30767099990aadce5af9e046a2765b0c64222eab118
SHA512

794f80a25ae343075421e2d6a030d3a30ef0f2790649fad1c7fc80b31b4ce9d755dfe10634e0d28a684f39d2cffec0c8e7c17d18547df88335ef2d5c2de29f0f

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

e9777bb4_by_Libranalysis.exe

pid	process
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe
772	e9777bb4_by_Libranalysis.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e9777bb4_by_Libranalysis.exe

description pid process

Token: SeDebugPrivilege 772 e9777bb4_by_Libranalysis.exe

description	pid	process
Token: SeDebugPrivilege	772	e9777bb4_by_Libranalysis.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

e9777bb4_by_Libranalysis.exe

description	pid	process	target process
PID 772 wrote to memory of 1680	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1680	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1680	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1680	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1012	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1012	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1012	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1012	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 292	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 292	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 292	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 292	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1716	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1716	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1716	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 1716	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 884	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 884	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 884	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe
PID 772 wrote to memory of 884	772	e9777bb4_by_Libranalysis.exe	e9777bb4_by_Libranalysis.exe

C:\Users\Admin\AppData\Local\Temp\e9777bb4_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\e9777bb4_by_Libranalysis.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:772

C:\Users\Admin\AppData\Local\Temp\e9777bb4_by_Libranalysis.exe
"{path}"
2⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\e9777bb4_by_Libranalysis.exe
"{path}"
2⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\e9777bb4_by_Libranalysis.exe
"{path}"
2⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\e9777bb4_by_Libranalysis.exe
"{path}"
2⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\e9777bb4_by_Libranalysis.exe
"{path}"
2⤵
PID:884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/772-60-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/772-62-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/772-63-0x0000000000460000-0x000000000046E000-memory.dmp

Filesize
56KB

Download
memory/772-64-0x0000000005250000-0x00000000052E0000-memory.dmp

Filesize
576KB

Download
memory/772-65-0x0000000001E80000-0x0000000001EC1000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads