44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3

General

Target

44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
Size

2.1MB
MD5

8f80b1aa1c993a8be187868cd3b6f5fc
SHA1

a1b1959ea2f410aa40e09f73e6522fe89969c6c5
SHA256

44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3
SHA512

344da2dcb5643e558ea52cf5b7728180359e04bc6179cda768438c205787e8e7c474952afb3c9d1fd63a7879be213b8bc41fc090248a63f5fa2201b7199a0ad3

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe

pid	process
1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe

description pid process

Token: SeDebugPrivilege 1956 44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe

description	pid	process
Token: SeDebugPrivilege	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe

C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
"C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1956

C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
"C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe"
2⤵
PID:520

C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
"C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe"
2⤵
PID:408

C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
"C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe"
2⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
"C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe"
2⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
"C:\Users\Admin\AppData\Local\Temp\44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe"
2⤵
PID:2004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1956-54-0x00000000003A0000-0x00000000005C4000-memory.dmp

Filesize
2.1MB

Download
memory/1956-55-0x0000000075431000-0x0000000075433000-memory.dmp

Filesize
8KB

Download
memory/1956-56-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

Filesize
4KB

Download
memory/1956-57-0x0000000000390000-0x00000000003A4000-memory.dmp

Filesize
80KB

Download
memory/1956-58-0x0000000005840000-0x0000000005A40000-memory.dmp

Filesize
2.0MB

Download
memory/1956-59-0x0000000008CD0000-0x0000000008E82000-memory.dmp

Filesize
1.7MB

Download

description	pid	process	target process
PID 1956 wrote to memory of 520	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 520	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 520	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 520	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 408	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 408	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 408	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 408	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 836	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 836	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 836	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 836	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2008	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2008	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2008	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2008	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2004	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2004	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2004	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe
PID 1956 wrote to memory of 2004	1956	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe	44695a8503106b29067a702055ada74185c5072db375409f7cc8f36a64a7e4f3.exe

Analysis

Sharing