dbb841aa94ab0edf2f9a31fd5c329cead1f72eb5c90e03ff5b5018b62c37b83e

General

Target

sUTU8qA36YWUnuy.exe
Size

903KB
MD5

e9b1654b791f75595bbd5de696d8237b
SHA1

6bd2875b79ba0f68b7e973ec9f76d046e7a162d7
SHA256

dbb841aa94ab0edf2f9a31fd5c329cead1f72eb5c90e03ff5b5018b62c37b83e
SHA512

58b786d679f18cb90fa84ea9e1c72dadda0eaef60de885b9914dffb89f7bd29274089151cbc001e2e2460e8129c2ad2985952a188d4a49dd387c8393b4657dff

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

sUTU8qA36YWUnuy.exe

pid process

1520 sUTU8qA36YWUnuy.exe
1520 sUTU8qA36YWUnuy.exe
1520 sUTU8qA36YWUnuy.exe
1520 sUTU8qA36YWUnuy.exe
1520 sUTU8qA36YWUnuy.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

sUTU8qA36YWUnuy.exe

description pid process

Token: SeDebugPrivilege 1520 sUTU8qA36YWUnuy.exe

pid	process
1520	sUTU8qA36YWUnuy.exe
1520	sUTU8qA36YWUnuy.exe
1520	sUTU8qA36YWUnuy.exe
1520	sUTU8qA36YWUnuy.exe
1520	sUTU8qA36YWUnuy.exe

description	pid	process
Token: SeDebugPrivilege	1520	sUTU8qA36YWUnuy.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

sUTU8qA36YWUnuy.exe

description	pid	process	target process
PID 1520 wrote to memory of 1304	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1304	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1304	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1304	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 552	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 552	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 552	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 552	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1892	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1892	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1892	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1892	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 2028	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 2028	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 2028	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 2028	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1744	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1744	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1744	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe
PID 1520 wrote to memory of 1744	1520	sUTU8qA36YWUnuy.exe	sUTU8qA36YWUnuy.exe

C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe
"C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1520

C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe
"C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe"
2⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe
"C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe"
2⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe
"C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe"
2⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe
"C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe"
2⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe
"C:\Users\Admin\AppData\Local\Temp\sUTU8qA36YWUnuy.exe"
2⤵
PID:1744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-55-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1520-57-0x0000000076A21000-0x0000000076A23000-memory.dmp

Filesize
8KB

Download
memory/1520-58-0x00000000049D0000-0x00000000049D1000-memory.dmp

Filesize
4KB

Download
memory/1520-59-0x0000000000730000-0x0000000000735000-memory.dmp

Filesize
20KB

Download
memory/1520-60-0x0000000005080000-0x0000000005182000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads