eeae6946fd97c08847e106e5db01994a9c0a5d8b2bc60ee88c25a7c839db5b2d

General

Target

d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Size

3.7MB
MD5

73eb70ca5994df6e2766bb5b799f04ec
SHA1

dbccf45a2dd780ab31a13f2136f82c4f3a17906e
SHA256

d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c
SHA512

1346f92dc34801108ca10777fa7b9e3c134334eacc05c9a31052a9a0505787febd4a1beafb1bb46e5a87a433af33d3cd3f333cc72673149040127a1e6b148b14

Score

10^/10

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

svchost.exe

description pid process target process

PID 2636 created 3904 2636 svchost.exe d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe

description	pid	process	target process
PID 2636 created 3904	2636	svchost.exe	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1661 = "Bahia Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-141 = "Canada Central Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-451 = "Caucasus Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-271 = "Greenwich Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1801 = "Line Islands Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1892 = "Russia TZ 3 Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-692 = "Tasmania Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2592 = "Tocantins Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-201 = "US Mountain Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-412 = "E. Africa Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-365 = "Middle East Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-742 = "New Zealand Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-791 = "SA Western Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-81 = "Atlantic Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-41 = "E. South America Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2411 = "Marquesas Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-532 = "Sri Lanka Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-434 = "Georgian Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2771 = "Omsk Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-561 = "SE Asia Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-602 = "Taipei Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-841 = "Argentina Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2531 = "Chatham Islands Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-871 = "Pakistan Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1832 = "Russia TZ 2 Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-452 = "Caucasus Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-771 = "Montevideo Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-301 = "Romance Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-461 = "Afghanistan Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-752 = "Tonga Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2162 = "Altai Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2002 = "Cabo Verde Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-292 = "Central European Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1842 = "Russia TZ 4 Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2161 = "Altai Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-171 = "Central Daylight Time (Mexico)"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1841 = "Russia TZ 4 Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-51 = "Greenland Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-562 = "SE Asia Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-432 = "Iran Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-302 = "Romance Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2451 = "Saint Pierre Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-721 = "Central Pacific Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-492 = "India Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2141 = "Transbaikal Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-981 = "Kamchatka Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2841 = "Saratov Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-401 = "Arabic Daylight Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2182 = "Astrakhan Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-772 = "Montevideo Standard Time"	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe

pid	process
3904	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
3904	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exesvchost.exe

description	pid	process
Token: SeDebugPrivilege	3904	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Token: SeImpersonatePrivilege	3904	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
Token: SeTcbPrivilege	2636	svchost.exe
Token: SeTcbPrivilege	2636	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

svchost.exe

description	pid	process	target process
PID 2636 wrote to memory of 4088	2636	svchost.exe	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
PID 2636 wrote to memory of 4088	2636	svchost.exe	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
PID 2636 wrote to memory of 4088	2636	svchost.exe	d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe

C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
"C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3904

C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe
"C:\Users\Admin\AppData\Local\Temp\d9852b60eb015a9b4bd4f114321b8d7efd7a47b85d32ad21755e671c5bab5f2c.exe"
2⤵
- Modifies data under HKEY_USERS
PID:4088

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s seclogon
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2636

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads