c109fdc9eebddd35215c226381a886b4f2fdec8956ac9cfc428cbb6ef3405777

General

Target

9b0315924b8b25d861199d276becfd34.exe
Size

1.2MB
MD5

9b0315924b8b25d861199d276becfd34
SHA1

6f6dbce9332a844976698b75911c77afebb1543f
SHA256

c109fdc9eebddd35215c226381a886b4f2fdec8956ac9cfc428cbb6ef3405777
SHA512

b3528f7c4b0b3aa812e3b8113e7ee924f8ae34ab801c6a6cf20d56d30adba757f57041d8c6530cb6fc7c42a8b1894613ca54e0ceac0795e14dfa2a1e8ecf3d5d

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

9b0315924b8b25d861199d276becfd34.exe

pid	process
1980	9b0315924b8b25d861199d276becfd34.exe
1980	9b0315924b8b25d861199d276becfd34.exe
1980	9b0315924b8b25d861199d276becfd34.exe
1980	9b0315924b8b25d861199d276becfd34.exe
1980	9b0315924b8b25d861199d276becfd34.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

9b0315924b8b25d861199d276becfd34.exe

description pid process

Token: SeDebugPrivilege 1980 9b0315924b8b25d861199d276becfd34.exe

description	pid	process
Token: SeDebugPrivilege	1980	9b0315924b8b25d861199d276becfd34.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

9b0315924b8b25d861199d276becfd34.exe

C:\Users\Admin\AppData\Local\Temp\9b0315924b8b25d861199d276becfd34.exe
"C:\Users\Admin\AppData\Local\Temp\9b0315924b8b25d861199d276becfd34.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1980

C:\Users\Admin\AppData\Local\Temp\9b0315924b8b25d861199d276becfd34.exe
"{path}"
2⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\9b0315924b8b25d861199d276becfd34.exe
"{path}"
2⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\9b0315924b8b25d861199d276becfd34.exe
"{path}"
2⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\9b0315924b8b25d861199d276becfd34.exe
"{path}"
2⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\9b0315924b8b25d861199d276becfd34.exe
"{path}"
2⤵
PID:1644

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-60-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1980-62-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/1980-63-0x00000000002F0000-0x00000000002F2000-memory.dmp

Filesize
8KB

Download
memory/1980-64-0x0000000008170000-0x0000000008230000-memory.dmp

Filesize
768KB

Download
memory/1980-65-0x0000000005EC0000-0x0000000005F3A000-memory.dmp

Filesize
488KB

Download

description	pid	process	target process
PID 1980 wrote to memory of 1056	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1056	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1056	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1056	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 532	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 532	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 532	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 532	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1492	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1492	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1492	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1492	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 568	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 568	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 568	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 568	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1644	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1644	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1644	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe
PID 1980 wrote to memory of 1644	1980	9b0315924b8b25d861199d276becfd34.exe	9b0315924b8b25d861199d276becfd34.exe

Analysis

Sharing