d76a0095d991a2a8c21d6b079e66606a512271706602ddafd94d85bf0cae527e

General

Target

de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
Size

3.7MB
MD5

00fd3c68b44a6e82a6c516e6326dd89f
SHA1

a0d06dfc640fcaf4533962a11b4907c2dbbdfc8d
SHA256

de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30
SHA512

92a6b9b7eda12966869d1192c5bc9abc793a1428ef8c0463c18677b03fc6c6ee9482a3559d8c20dc7284167cbecfdc77c58367cab5d9a3b0e83ae91eab3a7bfc

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe

pid	process
772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe

description pid process

Token: SeDebugPrivilege 772 de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe

description	pid	process
Token: SeDebugPrivilege	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe

C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
"C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:772

C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
"C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe"
2⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
"C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe"
2⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
"C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe"
2⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
"C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe"
2⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
"C:\Users\Admin\AppData\Local\Temp\de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe"
2⤵
PID:396

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/772-60-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/772-62-0x0000000004F00000-0x0000000004F01000-memory.dmp

Filesize
4KB

Download
memory/772-63-0x00000000020E0000-0x00000000020E4000-memory.dmp

Filesize
16KB

Download
memory/772-64-0x00000000045F0000-0x0000000004638000-memory.dmp

Filesize
288KB

Download

description	pid	process	target process
PID 772 wrote to memory of 300	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 300	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 300	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 300	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1716	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1716	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1716	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1716	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 832	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 832	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 832	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 832	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1012	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1012	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1012	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 1012	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 396	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 396	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 396	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe
PID 772 wrote to memory of 396	772	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe	de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30.exe

Analysis

Sharing