8895f05f07d168eb225dff4d63bf2f5c0eef9bafba5fa87e745add460a9b0b9b

General

Target

01217a79_by_Libranalysis.exe
Size

1.8MB
MD5

01217a79d1d0ad6e766382c46679a479
SHA1

5f54f5a933124516f0089dba9ac6458cf2171910
SHA256

8895f05f07d168eb225dff4d63bf2f5c0eef9bafba5fa87e745add460a9b0b9b
SHA512

199002d87d784e69b09b822506b35846126fff7c8440251199faddedecb49d8fe767def156bdfdad077e460da35b811f61fcb7f4949b037d7a4af6fbc2a68415

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

01217a79_by_Libranalysis.exe

pid	process
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe
1920	01217a79_by_Libranalysis.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

01217a79_by_Libranalysis.exe

description pid process

Token: SeDebugPrivilege 1920 01217a79_by_Libranalysis.exe

description	pid	process
Token: SeDebugPrivilege	1920	01217a79_by_Libranalysis.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

01217a79_by_Libranalysis.exe

description	pid	process	target process
PID 1920 wrote to memory of 800	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 800	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 800	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 800	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 296	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 296	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 296	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 296	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 1204	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 1204	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 1204	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 1204	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 764	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 764	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 764	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 764	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 996	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 996	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 996	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe
PID 1920 wrote to memory of 996	1920	01217a79_by_Libranalysis.exe	01217a79_by_Libranalysis.exe

C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1920

C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe"
2⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe"
2⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe"
2⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe"
2⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe
"C:\Users\Admin\AppData\Local\Temp\01217a79_by_Libranalysis.exe"
2⤵
PID:996

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1920-60-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1920-62-0x0000000000550000-0x0000000000591000-memory.dmp

Filesize
260KB

Download
memory/1920-63-0x0000000005DF0000-0x0000000005DF1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads