e3a371bfc3dd3560f5bd27f023c137e5b2c7bdba80c5b7f14a69f393cbce047e

Analysis

Target

367006.exe
Size

1.0MB
MD5

54cd3832c1ab9889d0b3741292a0263b
SHA1

c855ad13ab4cd135d1e04c10524a4f06a2007654
SHA256

e3a371bfc3dd3560f5bd27f023c137e5b2c7bdba80c5b7f14a69f393cbce047e
SHA512

85223e48449c77d8a36a820bb9df9c546ad0c13f9b35c8c542104dd62de557f611bf23e187245b50995481a7e175a96978dea4c0c6fc3b8461f1f07c4111c9a8

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

367006.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

367006.exe

description pid process

Token: SeDebugPrivilege 1700 367006.exe

description	pid	process
Token: SeDebugPrivilege	1700	367006.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

367006.exe

description	pid	process	target process
PID 1700 wrote to memory of 520	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 520	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 520	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 520	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 656	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 656	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 656	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 656	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 468	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 468	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 468	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 468	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 1052	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 1052	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 1052	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 1052	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 536	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 536	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 536	1700	367006.exe	367006.exe
PID 1700 wrote to memory of 536	1700	367006.exe	367006.exe

C:\Users\Admin\AppData\Local\Temp\367006.exe
"C:\Users\Admin\AppData\Local\Temp\367006.exe"
2⤵
PID:520

C:\Users\Admin\AppData\Local\Temp\367006.exe
"C:\Users\Admin\AppData\Local\Temp\367006.exe"
2⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\367006.exe
"C:\Users\Admin\AppData\Local\Temp\367006.exe"
2⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\367006.exe
"C:\Users\Admin\AppData\Local\Temp\367006.exe"
2⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\367006.exe
"C:\Users\Admin\AppData\Local\Temp\367006.exe"
2⤵
PID:536

memory/1700-60-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1700-62-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

Filesize
4KB

Download
memory/1700-63-0x0000000000270000-0x000000000028B000-memory.dmp

Filesize
108KB

Download
memory/1700-64-0x0000000007E40000-0x0000000007EB2000-memory.dmp

Filesize
456KB

Download
memory/1700-65-0x0000000002070000-0x000000000209E000-memory.dmp

Filesize
184KB

Download