eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f

General

Target

eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
Size

1.2MB
MD5

72612c0ae5454485e2c5201555673ccc
SHA1

6d7e8a9e95aa3eab29be870aa05eb5d4d787085a
SHA256

eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f
SHA512

6b998f4730b8c2bbf707c60b68713ebac5a54d762a5c09fc12ba28abcb1ecaa00a4ba198ebbf88ab9602e2567dc0e5491b9fec915223862e0747428fbca545a2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exepowershell.exe

pid	process
892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
2972	powershell.exe
2972	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
Token: SeDebugPrivilege	2972	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.execmd.exe

description	pid	process	target process
PID 892 wrote to memory of 3144	892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe	cmd.exe
PID 892 wrote to memory of 3144	892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe	cmd.exe
PID 892 wrote to memory of 3144	892	eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe	cmd.exe
PID 3144 wrote to memory of 2972	3144	cmd.exe	powershell.exe
PID 3144 wrote to memory of 2972	3144	cmd.exe	powershell.exe
PID 3144 wrote to memory of 2972	3144	cmd.exe	powershell.exe

C:\Users\Admin\AppData\Local\Temp\eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe
"C:\Users\Admin\AppData\Local\Temp\eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:892

C:\Windows\SysWOW64\cmd.exe
"cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe' & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:3144

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\eff032aac3bd1383f47cbba29306f786b2fa93c66ff7b71874fdd78938188f5f.exe'
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-130-0x0000000000220000-0x0000000000368000-memory.dmp

Filesize
1.3MB

Download
memory/892-131-0x0000000004F30000-0x0000000004FCC000-memory.dmp

Filesize
624KB

Download
memory/892-133-0x000000000A6C0000-0x000000000A752000-memory.dmp

Filesize
584KB

Download
memory/892-132-0x000000000ABD0000-0x000000000B174000-memory.dmp

Filesize
5.6MB

Download
memory/892-134-0x000000000A650000-0x000000000A65A000-memory.dmp

Filesize
40KB

Download
memory/892-135-0x000000000A8B0000-0x000000000A906000-memory.dmp

Filesize
344KB

Download
memory/892-136-0x0000000005970000-0x00000000059D6000-memory.dmp

Filesize
408KB

Download
memory/2972-138-0x0000000000000000-mapping.dmp

Download
memory/2972-139-0x00000000028D0000-0x0000000002906000-memory.dmp

Filesize
216KB

Download
memory/2972-140-0x0000000005440000-0x0000000005A68000-memory.dmp

Filesize
6.2MB

Download
memory/2972-141-0x0000000005130000-0x0000000005152000-memory.dmp

Filesize
136KB

Download
memory/2972-142-0x0000000005AE0000-0x0000000005B46000-memory.dmp

Filesize
408KB

Download
memory/2972-143-0x0000000006210000-0x000000000622E000-memory.dmp

Filesize
120KB

Download
memory/2972-144-0x0000000007870000-0x0000000007EEA000-memory.dmp

Filesize
6.5MB

Download
memory/2972-145-0x00000000066F0000-0x000000000670A000-memory.dmp

Filesize
104KB

Download
memory/2972-146-0x0000000007490000-0x0000000007526000-memory.dmp

Filesize
600KB

Download
memory/2972-147-0x00000000067B0000-0x00000000067D2000-memory.dmp

Filesize
136KB

Download
memory/3144-137-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads