09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0

Analysis

Target

09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe
Size

1.9MB
MD5

c0fd2bdc5772986959399b514d854a9c
SHA1

e09e54e91c0436b5a1f5225b80bf82702d82fc51
SHA256

09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0
SHA512

1d90940c99be7d37a135607887615de7db2eefd8f42c20efaab6d3cbc4ddad2d1ec12ceb49288911e1fe157a3231b3aec5c10baddca7bd223ac1d2832eb6e449

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

conhost.exe

description pid process

Token: SeDebugPrivilege 740 conhost.exe

description	pid	process
Token: SeDebugPrivilege	740	conhost.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe

description	pid	process	target process
PID 4284 wrote to memory of 740	4284	09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe	conhost.exe
PID 4284 wrote to memory of 740	4284	09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe	conhost.exe
PID 4284 wrote to memory of 740	4284	09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe	conhost.exe

C:\Users\Admin\AppData\Local\Temp\09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe
"C:\Users\Admin\AppData\Local\Temp\09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4284

C:\Windows\System32\conhost.exe
"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\09304997df4fc7a39650857511a5dba7ffdd7deb92cca4befec239a35d232fc0.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:740

memory/740-115-0x0000023AD20C0000-0x0000023AD22A8000-memory.dmp

Filesize
1.9MB

Download
memory/740-116-0x0000023AD2410000-0x0000023AD2412000-memory.dmp

Filesize
8KB

Download
memory/740-117-0x0000023AD2410000-0x0000023AD2412000-memory.dmp

Filesize
8KB

Download
memory/740-118-0x0000023AD2410000-0x0000023AD2412000-memory.dmp

Filesize
8KB

Download
memory/740-119-0x0000023AD2410000-0x0000023AD2412000-memory.dmp

Filesize
8KB

Download
memory/740-120-0x0000023AEC9F0000-0x0000023AECBD5000-memory.dmp

Filesize
1.9MB

Download
memory/740-122-0x0000023AD2410000-0x0000023AD2412000-memory.dmp

Filesize
8KB

Download
memory/740-123-0x0000023AD2700000-0x0000023AD2701000-memory.dmp

Filesize
4KB

Download
memory/740-124-0x0000023AD2410000-0x0000023AD2412000-memory.dmp

Filesize
8KB

Download
memory/740-125-0x0000023AD2410000-0x0000023AD2412000-memory.dmp

Filesize
8KB

Download
memory/740-127-0x0000023AD40B3000-0x0000023AD40B5000-memory.dmp

Filesize
8KB

Download
memory/740-128-0x0000023AD40B6000-0x0000023AD40B7000-memory.dmp

Filesize
4KB

Download
memory/740-126-0x0000023AD40B0000-0x0000023AD40B2000-memory.dmp

Filesize
8KB

Download