f0e734543c047d2ca1a76a4e47553e85d50c57ff9d3dfbd0e55806ff890fef38

General

Target

2bINu9BOqKtJHoo.exe
Size

1.1MB
MD5

b8b1a1e689be765aad3fe0f8d97199af
SHA1

96b923aaa5b0d3e9974b4080298bb8a7bcfcf725
SHA256

f0e734543c047d2ca1a76a4e47553e85d50c57ff9d3dfbd0e55806ff890fef38
SHA512

1f64bbf0bed9cc5cd04da93a9da7346774a493f73171b87f1331da5d00dc970d054ccc73935e57341512bd7d8827c3c88319f4458c30f0d09a6b25c91f356f7c

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

2bINu9BOqKtJHoo.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

2bINu9BOqKtJHoo.exe

description pid process

Token: SeDebugPrivilege 452 2bINu9BOqKtJHoo.exe

description	pid	process
Token: SeDebugPrivilege	452	2bINu9BOqKtJHoo.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

2bINu9BOqKtJHoo.exe

description	pid	process	target process
PID 452 wrote to memory of 308	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 308	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 308	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 308	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 520	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 520	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 520	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 520	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 524	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 524	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 524	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 524	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 676	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 676	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 676	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 676	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 560	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 560	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 560	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe
PID 452 wrote to memory of 560	452	2bINu9BOqKtJHoo.exe	2bINu9BOqKtJHoo.exe

C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe
"C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:452
- C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe
  "C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe"
  2⤵
  PID:308
- C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe
  "C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe"
  2⤵
  PID:520
- C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe
  "C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe"
  2⤵
  PID:524
- C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe
  "C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe"
  2⤵
  PID:676
- C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe
  "C:\Users\Admin\AppData\Local\Temp\2bINu9BOqKtJHoo.exe"
  2⤵
  PID:560

memory/452-60-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/452-62-0x0000000004970000-0x0000000004971000-memory.dmp

Filesize
4KB

Download
memory/452-63-0x00000000003C0000-0x00000000003DB000-memory.dmp

Filesize
108KB

Download
memory/452-64-0x0000000005E20000-0x0000000005E9A000-memory.dmp

Filesize
488KB

Download
memory/452-65-0x0000000004250000-0x0000000004285000-memory.dmp

Filesize
212KB

Download