41c5b0b2b9afd1f7dc207176e2a200042660dcdb02c745cc750e13f1d3ad7b01

General

Target

c1968b2c517ba9f87e605d33612b7573.exe
Size

701KB
MD5

c1968b2c517ba9f87e605d33612b7573
SHA1

438c9f4aa5c4e7c27f505a081a445cdbe0830f9a
SHA256

41c5b0b2b9afd1f7dc207176e2a200042660dcdb02c745cc750e13f1d3ad7b01
SHA512

7c7db96e550f3dc65052d653cd1288747d8d3c7cca7418a0765b558bdcf6007d7a26b865d1e468cb88015a45a081ec02ca67c2c95c830f56a4d82b40e125b6f6

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

c1968b2c517ba9f87e605d33612b7573.exe

pid	process
1080	c1968b2c517ba9f87e605d33612b7573.exe
1080	c1968b2c517ba9f87e605d33612b7573.exe
1080	c1968b2c517ba9f87e605d33612b7573.exe
1080	c1968b2c517ba9f87e605d33612b7573.exe
1080	c1968b2c517ba9f87e605d33612b7573.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c1968b2c517ba9f87e605d33612b7573.exe

description pid process

Token: SeDebugPrivilege 1080 c1968b2c517ba9f87e605d33612b7573.exe

description	pid	process
Token: SeDebugPrivilege	1080	c1968b2c517ba9f87e605d33612b7573.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

c1968b2c517ba9f87e605d33612b7573.exe

C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe
"C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1080

C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe
"C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe"
2⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe
"C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe"
2⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe
"C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe"
2⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe
"C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe"
2⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe
"C:\Users\Admin\AppData\Local\Temp\c1968b2c517ba9f87e605d33612b7573.exe"
2⤵
PID:1564

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-54-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1080-56-0x0000000004A70000-0x0000000004A71000-memory.dmp

Filesize
4KB

Download
memory/1080-57-0x0000000000360000-0x0000000000373000-memory.dmp

Filesize
76KB

Download
memory/1080-58-0x00000000051B0000-0x000000000521D000-memory.dmp

Filesize
436KB

Download
memory/1080-59-0x0000000000470000-0x0000000000472000-memory.dmp

Filesize
8KB

Download
memory/1080-60-0x0000000000480000-0x00000000004BE000-memory.dmp

Filesize
248KB

Download

description	pid	process	target process
PID 1080 wrote to memory of 788	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 788	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 788	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 788	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1752	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1752	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1752	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1752	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1756	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1756	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1756	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1756	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 968	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 968	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 968	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 968	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1564	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1564	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1564	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe
PID 1080 wrote to memory of 1564	1080	c1968b2c517ba9f87e605d33612b7573.exe	c1968b2c517ba9f87e605d33612b7573.exe

Analysis

Sharing