ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe

General

Target

ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
Size

1.6MB
MD5

13c833354316727fcab655a7464642eb
SHA1

df2191f3e5e45e9e91d9e74cc04e29aa5f0afb75
SHA256

ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe
SHA512

3f3533f36dad7ce6a1df605de7501d0a30401ca258b599634268a6025c82950bcd5f49b951a4f5c17123e16a757c09a5724f5e24aebf3be9a3fa462c8bed9569

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 432	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	29
PID 1568 wrote to memory of 432	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	29
PID 1568 wrote to memory of 432	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	29
PID 1568 wrote to memory of 432	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	29
PID 1568 wrote to memory of 1440	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	30
PID 1568 wrote to memory of 1440	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	30
PID 1568 wrote to memory of 1440	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	30
PID 1568 wrote to memory of 1440	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	30
PID 1568 wrote to memory of 1972	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	31
PID 1568 wrote to memory of 1972	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	31
PID 1568 wrote to memory of 1972	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	31
PID 1568 wrote to memory of 1972	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	31
PID 1568 wrote to memory of 1968	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	32
PID 1568 wrote to memory of 1968	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	32
PID 1568 wrote to memory of 1968	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	32
PID 1568 wrote to memory of 1968	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	32
PID 1568 wrote to memory of 2000	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	33
PID 1568 wrote to memory of 2000	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	33
PID 1568 wrote to memory of 2000	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	33
PID 1568 wrote to memory of 2000	1568	ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe	33

C:\Users\Admin\AppData\Local\Temp\ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
"C:\Users\Admin\AppData\Local\Temp\ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Users\Admin\AppData\Local\Temp\ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
  "{path}"
  2⤵
  PID:432
- C:\Users\Admin\AppData\Local\Temp\ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
  "{path}"
  2⤵
  PID:1440
- C:\Users\Admin\AppData\Local\Temp\ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
  "{path}"
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Local\Temp\ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
  "{path}"
  2⤵
  PID:1968
- C:\Users\Admin\AppData\Local\Temp\ce7cea1f2a82e16ae93ce1ecaa595c8e3dc09e8e262e8a64016dc656f46c2ffe.exe
  "{path}"
  2⤵
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1568-54-0x00000000002D0000-0x0000000000474000-memory.dmp

Filesize
1.6MB

Download
memory/1568-55-0x0000000074040000-0x000000007472E000-memory.dmp

Filesize
6.9MB

Download
memory/1568-56-0x00000000049A0000-0x00000000049A1000-memory.dmp

Filesize
4KB

Download
memory/1568-57-0x0000000000540000-0x000000000054A000-memory.dmp

Filesize
40KB

Download
memory/1568-58-0x00000000082D0000-0x000000000840E000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads