78b5fb7cbde356e0620afee36e4908e1985fbe17aaf30eaa896ecdf7c5f10f0b

General

Target

289bce792735d436f48355e55ea0276f.exe
Size

246KB
MD5

289bce792735d436f48355e55ea0276f
SHA1

1438cd6b0e96ee1b6d9d3d17e3bc0177c9034ed8
SHA256

78b5fb7cbde356e0620afee36e4908e1985fbe17aaf30eaa896ecdf7c5f10f0b
SHA512

f7216462891aa8937a0d512f6219c0b180ff5582494d0a54b093ca7cc65ae75665a1d2f5faec6ff916fe8d79ee179ffd10ae432a1d8c8aa58c09f6c9c4e6bfa2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

289bce792735d436f48355e55ea0276f.exe

pid	process
656	289bce792735d436f48355e55ea0276f.exe
656	289bce792735d436f48355e55ea0276f.exe
656	289bce792735d436f48355e55ea0276f.exe
656	289bce792735d436f48355e55ea0276f.exe
656	289bce792735d436f48355e55ea0276f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

289bce792735d436f48355e55ea0276f.exe

description pid process

Token: SeDebugPrivilege 656 289bce792735d436f48355e55ea0276f.exe

description	pid	process
Token: SeDebugPrivilege	656	289bce792735d436f48355e55ea0276f.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

289bce792735d436f48355e55ea0276f.exe

C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe
"C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:656

C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe
"C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe"
2⤵
PID:636

C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe
"C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe"
2⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe
"C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe"
2⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe
"C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe"
2⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe
"C:\Users\Admin\AppData\Local\Temp\289bce792735d436f48355e55ea0276f.exe"
2⤵
PID:796

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/656-55-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/656-57-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/656-58-0x00000000004E0000-0x00000000004E7000-memory.dmp

Filesize
28KB

Download
memory/656-59-0x00000000008D0000-0x00000000008F9000-memory.dmp

Filesize
164KB

Download

description	pid	process	target process
PID 656 wrote to memory of 636	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 636	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 636	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 636	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1588	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1588	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1588	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1588	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1040	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1040	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1040	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 1040	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 880	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 880	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 880	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 880	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 796	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 796	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 796	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe
PID 656 wrote to memory of 796	656	289bce792735d436f48355e55ea0276f.exe	289bce792735d436f48355e55ea0276f.exe

Analysis

Sharing