83fed765d229173fedc6811b521cebdfcec3342713679a57d49188ba554c00fb

General

Target

Order 202139769574,.exe
Size

845KB
MD5

d72f1abe7c521c844071a8265b92545b
SHA1

0c59a02103a9a7fb663a37809563a48a8adb097e
SHA256

83fed765d229173fedc6811b521cebdfcec3342713679a57d49188ba554c00fb
SHA512

c1cc91e626d3600a5e7c03c61e051f29dc1f3a3dc10550b0587e2540e7c8ca2ff4cdea5b5fed79dc0c167d9ae2182178d5ea97ec424dd21486f56b28859382e8

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Order 202139769574,.exe

pid process

108 Order 202139769574,.exe
108 Order 202139769574,.exe
108 Order 202139769574,.exe
108 Order 202139769574,.exe
108 Order 202139769574,.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Order 202139769574,.exe

description pid process

Token: SeDebugPrivilege 108 Order 202139769574,.exe

pid	process
108	Order 202139769574,.exe
108	Order 202139769574,.exe
108	Order 202139769574,.exe
108	Order 202139769574,.exe
108	Order 202139769574,.exe

description	pid	process
Token: SeDebugPrivilege	108	Order 202139769574,.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Order 202139769574,.exe

description	pid	process	target process
PID 108 wrote to memory of 460	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 460	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 460	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 460	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 864	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 864	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 864	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 864	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1028	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1028	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1028	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1028	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1468	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1468	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1468	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1468	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1648	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1648	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1648	108	Order 202139769574,.exe	Order 202139769574,.exe
PID 108 wrote to memory of 1648	108	Order 202139769574,.exe	Order 202139769574,.exe

C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe
"C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:108
- C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe
  "C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe"
  2⤵
  PID:460
- C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe
  "C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe"
  2⤵
  PID:864
- C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe
  "C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe"
  2⤵
  PID:1028
- C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe
  "C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe"
  2⤵
  PID:1468
- C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe
  "C:\Users\Admin\AppData\Local\Temp\Order 202139769574,.exe"
  2⤵
  PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/108-60-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/108-62-0x0000000000380000-0x0000000000384000-memory.dmp

Filesize
16KB

Download
memory/108-63-0x0000000004EB0000-0x0000000004EB1000-memory.dmp

Filesize
4KB

Download
memory/108-64-0x0000000004FF0000-0x000000000506E000-memory.dmp

Filesize
504KB

Download
memory/108-65-0x0000000000640000-0x0000000000678000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads