c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6

General

Target

c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
Size

432KB
MD5

503b326864f4eb7a1c024a36814de46b
SHA1

8e0977832da6980ff56a70e59ec1dff702d58d11
SHA256

c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6
SHA512

a06bd71d53abb87d03ee2eb4a072c0f0b8e44d523db97076933592b3ead754e7dfa3389b5634569b935943bde00d2c9b8919c223f53bcad3a4e531c59e712e47

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe

pid	process
1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe

description pid process

Token: SeDebugPrivilege 1056 c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe

description	pid	process
Token: SeDebugPrivilege	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe

C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
"C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1056

C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
"C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe"
2⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
"C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe"
2⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
"C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe"
2⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
"C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe"
2⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
"C:\Users\Admin\AppData\Local\Temp\c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe"
2⤵
PID:2036

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1056-54-0x00000000003F0000-0x0000000000462000-memory.dmp

Filesize
456KB

Download
memory/1056-55-0x00000000764C1000-0x00000000764C3000-memory.dmp

Filesize
8KB

Download
memory/1056-56-0x0000000000390000-0x0000000000398000-memory.dmp

Filesize
32KB

Download
memory/1056-57-0x00000000051A0000-0x0000000005210000-memory.dmp

Filesize
448KB

Download
memory/1056-58-0x0000000000730000-0x0000000000750000-memory.dmp

Filesize
128KB

Download

description	pid	process	target process
PID 1056 wrote to memory of 1280	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1280	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1280	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1280	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1308	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1308	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1308	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1308	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1236	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1236	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1236	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1236	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1736	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1736	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1736	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 1736	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 2036	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 2036	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 2036	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe
PID 1056 wrote to memory of 2036	1056	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe	c34db222388b0ac3b10e12c1e05f170582d4c62432a1eda3bf50cb72dd5cfac6.exe

Analysis

Sharing