ff99d00779dbb0c55d69212b104f4fcf7f52e7ff265df47ee780d6ed84b606e9

General

Target

TT500202106029589435472.exe
Size

937KB
MD5

85aa9d1b698d8f57b88e32f8a6a31a1a
SHA1

4d4a7f6a9256c37081393aba3e48f188a0aad630
SHA256

ff99d00779dbb0c55d69212b104f4fcf7f52e7ff265df47ee780d6ed84b606e9
SHA512

7f5697ae243993dac743e51b1cee126a782da7c2d405d94e99e22fad6693ec52f76c487c02b60a5cab85f5b554d5db89dc1baae5be76a602b1c44b62175309c4

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1032	TT500202106029589435472.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 1596	1032	TT500202106029589435472.exe	29
PID 1032 wrote to memory of 1596	1032	TT500202106029589435472.exe	29
PID 1032 wrote to memory of 1596	1032	TT500202106029589435472.exe	29
PID 1032 wrote to memory of 1596	1032	TT500202106029589435472.exe	29
PID 1032 wrote to memory of 1500	1032	TT500202106029589435472.exe	30
PID 1032 wrote to memory of 1500	1032	TT500202106029589435472.exe	30
PID 1032 wrote to memory of 1500	1032	TT500202106029589435472.exe	30
PID 1032 wrote to memory of 1500	1032	TT500202106029589435472.exe	30
PID 1032 wrote to memory of 1468	1032	TT500202106029589435472.exe	31
PID 1032 wrote to memory of 1468	1032	TT500202106029589435472.exe	31
PID 1032 wrote to memory of 1468	1032	TT500202106029589435472.exe	31
PID 1032 wrote to memory of 1468	1032	TT500202106029589435472.exe	31
PID 1032 wrote to memory of 608	1032	TT500202106029589435472.exe	32
PID 1032 wrote to memory of 608	1032	TT500202106029589435472.exe	32
PID 1032 wrote to memory of 608	1032	TT500202106029589435472.exe	32
PID 1032 wrote to memory of 608	1032	TT500202106029589435472.exe	32
PID 1032 wrote to memory of 1532	1032	TT500202106029589435472.exe	33
PID 1032 wrote to memory of 1532	1032	TT500202106029589435472.exe	33
PID 1032 wrote to memory of 1532	1032	TT500202106029589435472.exe	33
PID 1032 wrote to memory of 1532	1032	TT500202106029589435472.exe	33

C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
"C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
  "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
  2⤵
  PID:1596
- C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
  "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
  2⤵
  PID:1500
- C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
  "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
  2⤵
  PID:1468
- C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
  "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
  2⤵
  PID:608
- C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe
  "C:\Users\Admin\AppData\Local\Temp\TT500202106029589435472.exe"
  2⤵
  PID:1532

memory/1032-60-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1032-62-0x00000000006D0000-0x000000000070B000-memory.dmp

Filesize
236KB

Download
memory/1032-63-0x0000000004EC0000-0x0000000004EC1000-memory.dmp

Filesize
4KB

Download
memory/1032-64-0x00000000004D0000-0x00000000004DF000-memory.dmp

Filesize
60KB

Download