a579b16be0de7aae3a017e9dadcba7313d81e1832d3fc67251ed87fdaf17f7ad

General

Target

Quote USD$ Prices For Items.exe
Size

926KB
MD5

50831e895c50a7c21c1be66fc6fd2d28
SHA1

39cf19b2c753254ed0bafa11c635ab07670db32c
SHA256

490ba5c3e2409bf961484b16cba91c2539609bb04b10c69d0a2e5c76889242bf
SHA512

898a492001724bf52cee0fdee167da15447395424333eb5f9fe28355929207dd9d375743c80d0d259bee8bf8a2abe24effb677e0f0b8210a8f742a9e318c62ea

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Quote USD$ Prices For Items.exe

pid	process
1436	Quote USD$ Prices For Items.exe
1436	Quote USD$ Prices For Items.exe
1436	Quote USD$ Prices For Items.exe
1436	Quote USD$ Prices For Items.exe
1436	Quote USD$ Prices For Items.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Quote USD$ Prices For Items.exe

description pid process

Token: SeDebugPrivilege 1436 Quote USD$ Prices For Items.exe

description	pid	process
Token: SeDebugPrivilege	1436	Quote USD$ Prices For Items.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Quote USD$ Prices For Items.exe

C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
"C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
  2⤵
  PID:1004
- C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
  2⤵
  PID:740
- C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
  2⤵
  PID:640
- C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
  2⤵
  PID:1728
- C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
  2⤵
  PID:112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1436-54-0x00000000001E0000-0x00000000002CE000-memory.dmp

Filesize
952KB

Download
memory/1436-55-0x00000000004C0000-0x00000000004D0000-memory.dmp

Filesize
64KB

Download
memory/1436-56-0x00000000055B0000-0x000000000566E000-memory.dmp

Filesize
760KB

Download
memory/1436-57-0x0000000004FA0000-0x0000000005028000-memory.dmp

Filesize
544KB

Download

description	pid	process	target process
PID 1436 wrote to memory of 1004	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 1004	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 1004	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 1004	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 740	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 740	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 740	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 740	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 640	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 640	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 640	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 640	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 1728	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 1728	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 1728	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 1728	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 112	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 112	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 112	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe
PID 1436 wrote to memory of 112	1436	Quote USD$ Prices For Items.exe	Quote USD$ Prices For Items.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads