c1aa3996fb100371e8d443417f1c90f959306af345dc4436d5382e49bb205ac7

General

Target

60d92de4c9490fc49ab899cad9bb3efb.exe
Size

1.6MB
MD5

60d92de4c9490fc49ab899cad9bb3efb
SHA1

c8b3aaa04c2790d283db59b834712aef8cb17026
SHA256

c1aa3996fb100371e8d443417f1c90f959306af345dc4436d5382e49bb205ac7
SHA512

c986703bc1fd4130c3a8b4b4d8f16d998b390c0b04e628f7e9d6d8c3f378be9177de71457dd2ee09f4657d3b124e9b2b295a6f40927bc2f8692adacc42ff0b97

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

60d92de4c9490fc49ab899cad9bb3efb.exe

pid	process
1944	60d92de4c9490fc49ab899cad9bb3efb.exe
1944	60d92de4c9490fc49ab899cad9bb3efb.exe
1944	60d92de4c9490fc49ab899cad9bb3efb.exe
1944	60d92de4c9490fc49ab899cad9bb3efb.exe
1944	60d92de4c9490fc49ab899cad9bb3efb.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

60d92de4c9490fc49ab899cad9bb3efb.exe

description pid process

Token: SeDebugPrivilege 1944 60d92de4c9490fc49ab899cad9bb3efb.exe

description	pid	process
Token: SeDebugPrivilege	1944	60d92de4c9490fc49ab899cad9bb3efb.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

60d92de4c9490fc49ab899cad9bb3efb.exe

C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe
"C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1944

C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe
"C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe"
2⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe
"C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe"
2⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe
"C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe"
2⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe
"C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe"
2⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe
"C:\Users\Admin\AppData\Local\Temp\60d92de4c9490fc49ab899cad9bb3efb.exe"
2⤵
PID:1704

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-59-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1944-61-0x0000000004E30000-0x0000000004E31000-memory.dmp

Filesize
4KB

Download
memory/1944-62-0x00000000004F0000-0x000000000051D000-memory.dmp

Filesize
180KB

Download
memory/1944-63-0x0000000004DA0000-0x0000000004E17000-memory.dmp

Filesize
476KB

Download
memory/1944-64-0x0000000004D20000-0x0000000004D59000-memory.dmp

Filesize
228KB

Download

description	pid	process	target process
PID 1944 wrote to memory of 1580	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1580	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1580	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1580	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 968	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 968	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 968	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 968	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1700	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1700	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1700	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1700	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 560	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 560	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 560	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 560	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1704	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1704	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1704	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe
PID 1944 wrote to memory of 1704	1944	60d92de4c9490fc49ab899cad9bb3efb.exe	60d92de4c9490fc49ab899cad9bb3efb.exe

Analysis

Sharing