9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9

Analysis

Target

9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe
Size

1.9MB
MD5

13003cbfb6d2adfeea85952f8172c4f7
SHA1

e5ef2dd654b50ed7be455cbe7aaabaa7acaedc80
SHA256

9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9
SHA512

ccb7e4dfb0454711cb50a619497072082bae3111ac8ba76b22d1f95af9721762b3b493596191f879bdca3d5872315009bb8f021ac131d9a1067e1dff91696824

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

conhost.exe

description pid process

Token: SeDebugPrivilege 960 conhost.exe

description	pid	process
Token: SeDebugPrivilege	960	conhost.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe

description	pid	process	target process
PID 784 wrote to memory of 960	784	9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe	conhost.exe
PID 784 wrote to memory of 960	784	9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe	conhost.exe
PID 784 wrote to memory of 960	784	9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe	conhost.exe

C:\Users\Admin\AppData\Local\Temp\9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe
"C:\Users\Admin\AppData\Local\Temp\9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:784

C:\Windows\System32\conhost.exe
"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:960

memory/960-114-0x000001AF8F4E0000-0x000001AF8F6C9000-memory.dmp

Filesize
1.9MB

Download
memory/960-115-0x000001AF912D0000-0x000001AF912D2000-memory.dmp

Filesize
8KB

Download
memory/960-116-0x000001AF912D0000-0x000001AF912D2000-memory.dmp

Filesize
8KB

Download
memory/960-117-0x000001AF912D0000-0x000001AF912D2000-memory.dmp

Filesize
8KB

Download
memory/960-118-0x000001AF912D0000-0x000001AF912D2000-memory.dmp

Filesize
8KB

Download
memory/960-119-0x000001AFAA040000-0x000001AFAA225000-memory.dmp

Filesize
1.9MB

Download
memory/960-121-0x000001AF912D0000-0x000001AF912D2000-memory.dmp

Filesize
8KB

Download
memory/960-122-0x000001AF91450000-0x000001AF91451000-memory.dmp

Filesize
4KB

Download
memory/960-123-0x000001AF912D0000-0x000001AF912D2000-memory.dmp

Filesize
8KB

Download
memory/960-124-0x000001AF912D0000-0x000001AF912D2000-memory.dmp

Filesize
8KB

Download
memory/960-126-0x000001AF91473000-0x000001AF91475000-memory.dmp

Filesize
8KB

Download
memory/960-125-0x000001AF91470000-0x000001AF91472000-memory.dmp

Filesize
8KB

Download
memory/960-127-0x000001AF91476000-0x000001AF91477000-memory.dmp

Filesize
4KB

Download