3c4aa39e200cb4303a3e5970bbedb5a1bb1baa656c3fc2286f82392a91e4a4ea

General

Target

6923309c1cf759930f67710ac9dfd328.exe
Size

511KB
MD5

6923309c1cf759930f67710ac9dfd328
SHA1

e74291e311e8466dd7222a2eb3779848385dd3fa
SHA256

3c4aa39e200cb4303a3e5970bbedb5a1bb1baa656c3fc2286f82392a91e4a4ea
SHA512

993dbcc6063f3a1b293fb3e2c794f1f817a4703d5b21154fc47e02998f72e334cca38b820c6f657a8345775690eed93f2a8f9202b453490735bc89cebf3ecbd5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

6923309c1cf759930f67710ac9dfd328.exe

pid	process
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe
1476	6923309c1cf759930f67710ac9dfd328.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

6923309c1cf759930f67710ac9dfd328.exe

description pid process

Token: SeDebugPrivilege 1476 6923309c1cf759930f67710ac9dfd328.exe

description	pid	process
Token: SeDebugPrivilege	1476	6923309c1cf759930f67710ac9dfd328.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

6923309c1cf759930f67710ac9dfd328.exe

C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe
"C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1476

C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe
"C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe"
2⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe
"C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe"
2⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe
"C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe"
2⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe
"C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe"
2⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe
"C:\Users\Admin\AppData\Local\Temp\6923309c1cf759930f67710ac9dfd328.exe"
2⤵
PID:1076

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1476-55-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1476-57-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/1476-58-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/1476-59-0x0000000004280000-0x00000000042CF000-memory.dmp

Filesize
316KB

Download

description	pid	process	target process
PID 1476 wrote to memory of 1048	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1048	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1048	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1048	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 852	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 852	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 852	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 852	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 616	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 616	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 616	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 616	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1960	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1960	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1960	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1960	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1076	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1076	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1076	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe
PID 1476 wrote to memory of 1076	1476	6923309c1cf759930f67710ac9dfd328.exe	6923309c1cf759930f67710ac9dfd328.exe

Analysis

Sharing