71d384c258d0d2cfbeeda66a1ba67085b347d934a3484e0df3fc06a684085386

General

Target

44020c86a10168041f6ddde52fd3f4d4.exe
Size

748KB
MD5

44020c86a10168041f6ddde52fd3f4d4
SHA1

0dc9cf42fb0b5670d54307c9eb41cbc43bd66454
SHA256

71d384c258d0d2cfbeeda66a1ba67085b347d934a3484e0df3fc06a684085386
SHA512

163de8e93558e30b09f6a89dd3be3627c9fbd076ba28001b19db0efc9e33bf6ed4b1ba62d63d29403af4c7c9108b92bcb9ea0aa0978023d3398a36534049683b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes:

44020c86a10168041f6ddde52fd3f4d4.exe

pid	process
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe
768	44020c86a10168041f6ddde52fd3f4d4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

44020c86a10168041f6ddde52fd3f4d4.exe

description pid process

Token: SeDebugPrivilege 768 44020c86a10168041f6ddde52fd3f4d4.exe

description	pid	process
Token: SeDebugPrivilege	768	44020c86a10168041f6ddde52fd3f4d4.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

44020c86a10168041f6ddde52fd3f4d4.exe

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
"C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:768

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:1412

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:432

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
C:\Users\Admin\AppData\Local\Temp\44020c86a10168041f6ddde52fd3f4d4.exe
2⤵
PID:332

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/768-60-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/768-62-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/768-63-0x0000000002145000-0x0000000002156000-memory.dmp

Filesize
68KB

Download
memory/768-64-0x0000000000940000-0x000000000098C000-memory.dmp

Filesize
304KB

Download
memory/768-69-0x0000000005480000-0x00000000054E3000-memory.dmp

Filesize
396KB

Download

description	pid	process	target process
PID 768 wrote to memory of 1412	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1412	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1412	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1412	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1348	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1348	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1348	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1348	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1680	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1680	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1680	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1680	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1736	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1736	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1736	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1736	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 292	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 292	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 292	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 292	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1720	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1720	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1720	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 1720	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 316	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 316	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 316	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 316	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 432	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 432	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 432	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 432	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 268	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 268	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 268	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 268	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 332	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 332	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 332	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe
PID 768 wrote to memory of 332	768	44020c86a10168041f6ddde52fd3f4d4.exe	44020c86a10168041f6ddde52fd3f4d4.exe

Analysis

Sharing