a68cb3bf1d9d41e29fcf2e4391e827591e58783cea5a13fe95403fb6b3429b5d

General

Target

739db143a714b168ad4250a12a903a91.exe
Size

345KB
MD5

739db143a714b168ad4250a12a903a91
SHA1

0e16e00f6fd173672e5e70797a1b063399d373d8
SHA256

a68cb3bf1d9d41e29fcf2e4391e827591e58783cea5a13fe95403fb6b3429b5d
SHA512

09a5436fe70035fc2225729db560eba215027ca709df7e2050aa7f3f40bf9d5b94499e3e23bb646bcf64fb3199a553d51751998aab4a243eeb2877b6c5b64e37

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

739db143a714b168ad4250a12a903a91.exe

pid	process
1132	739db143a714b168ad4250a12a903a91.exe
1132	739db143a714b168ad4250a12a903a91.exe
1132	739db143a714b168ad4250a12a903a91.exe
1132	739db143a714b168ad4250a12a903a91.exe
1132	739db143a714b168ad4250a12a903a91.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

739db143a714b168ad4250a12a903a91.exe

description pid process

Token: SeDebugPrivilege 1132 739db143a714b168ad4250a12a903a91.exe

description	pid	process
Token: SeDebugPrivilege	1132	739db143a714b168ad4250a12a903a91.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

739db143a714b168ad4250a12a903a91.exe

C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe
"C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1132

C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe
"C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe"
2⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe
"C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe"
2⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe
"C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe"
2⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe
"C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe"
2⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe
"C:\Users\Admin\AppData\Local\Temp\739db143a714b168ad4250a12a903a91.exe"
2⤵
PID:1664

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1132-53-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/1132-55-0x0000000075951000-0x0000000075953000-memory.dmp

Filesize
8KB

Download
memory/1132-56-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/1132-57-0x0000000000550000-0x0000000000555000-memory.dmp

Filesize
20KB

Download
memory/1132-58-0x00000000052B0000-0x0000000005300000-memory.dmp

Filesize
320KB

Download

description	pid	process	target process
PID 1132 wrote to memory of 860	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 860	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 860	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 860	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1388	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1388	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1388	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1388	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1476	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1476	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1476	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1476	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1384	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1384	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1384	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1384	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1664	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1664	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1664	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe
PID 1132 wrote to memory of 1664	1132	739db143a714b168ad4250a12a903a91.exe	739db143a714b168ad4250a12a903a91.exe

Analysis

Sharing