c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6

General

Target

c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
Size

263KB
MD5

f184c7be5715b6cee3458d2b830788cf
SHA1

83134dbda0337c6f5a41773b6d430bd227b4d6bf
SHA256

c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6
SHA512

4e89ae3793afd18a79c94a7cdddcbbea2122f5c133e7b6f30960b7076343325df4c2fb72b9a0f8e06c3dc4d70831d7b3f97db04a33eb32988babefa9d8254bbb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe

pid	process
1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe

description pid process

Token: SeDebugPrivilege 1424 c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe

description	pid	process
Token: SeDebugPrivilege	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe

C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
"C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1424

C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
"C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe"
2⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
"C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe"
2⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
"C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe"
2⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
"C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe"
2⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
"C:\Users\Admin\AppData\Local\Temp\c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe"
2⤵
PID:1680

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1424-55-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1424-57-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/1424-58-0x0000000000560000-0x0000000000567000-memory.dmp

Filesize
28KB

Download
memory/1424-59-0x0000000004900000-0x000000000493C000-memory.dmp

Filesize
240KB

Download

description	pid	process	target process
PID 1424 wrote to memory of 620	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 620	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 620	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 620	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1980	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1980	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1980	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1980	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 684	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 684	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 684	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 684	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1144	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1144	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1144	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1144	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1680	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1680	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1680	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe
PID 1424 wrote to memory of 1680	1424	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe	c2853161b03051757ee439842cf28a6526872c9898183a21deeb7fca109e4ff6.exe

Analysis

Sharing