4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800

General

Target

4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
Size

974KB
MD5

8089de419f5fc9e263ca1439a4b5245b
SHA1

e4e9e1bd91630cc702c862ceeac16215174249b4
SHA256

4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800
SHA512

715b3cf733554135292757a9942cdc6bf9682e2b54be8d9a03a668ce0e5e5bf1835320803ccc45a087866e2b03a7d189ff2d0a8e73244c88b03dfc15463300e7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1756	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	27
PID 1704 wrote to memory of 1756	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	27
PID 1704 wrote to memory of 1756	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	27
PID 1704 wrote to memory of 1756	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	27
PID 1704 wrote to memory of 1732	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	28
PID 1704 wrote to memory of 1732	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	28
PID 1704 wrote to memory of 1732	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	28
PID 1704 wrote to memory of 1732	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	28
PID 1704 wrote to memory of 1720	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	29
PID 1704 wrote to memory of 1720	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	29
PID 1704 wrote to memory of 1720	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	29
PID 1704 wrote to memory of 1720	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	29
PID 1704 wrote to memory of 1972	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	30
PID 1704 wrote to memory of 1972	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	30
PID 1704 wrote to memory of 1972	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	30
PID 1704 wrote to memory of 1972	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	30
PID 1704 wrote to memory of 520	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	31
PID 1704 wrote to memory of 520	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	31
PID 1704 wrote to memory of 520	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	31
PID 1704 wrote to memory of 520	1704	4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe	31

C:\Users\Admin\AppData\Local\Temp\4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
"C:\Users\Admin\AppData\Local\Temp\4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
  "{path}"
  2⤵
  PID:1756
- C:\Users\Admin\AppData\Local\Temp\4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
  "{path}"
  2⤵
  PID:1732
- C:\Users\Admin\AppData\Local\Temp\4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
  "{path}"
  2⤵
  PID:1720
- C:\Users\Admin\AppData\Local\Temp\4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
  "{path}"
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Local\Temp\4a638a4493725c524ab6db6f0a41781d881aaccb305d90168c17023616b34800.exe
  "{path}"
  2⤵
  PID:520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1704-54-0x00000000003A0000-0x000000000049A000-memory.dmp

Filesize
1000KB

Download
memory/1704-55-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download
memory/1704-56-0x0000000000370000-0x0000000000382000-memory.dmp

Filesize
72KB

Download
memory/1704-57-0x0000000005250000-0x000000000531C000-memory.dmp

Filesize
816KB

Download
memory/1704-58-0x000000000A7C0000-0x000000000A886000-memory.dmp

Filesize
792KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads