74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6

General

Target

74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe
Size

754KB
MD5

ca12eb7a1b83c0ab450644abf40a6b6c
SHA1

d42c8a7c8b17e05fad9463ad7fb6cc87511e27b6
SHA256

74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6
SHA512

492d936d47c2bc60d15b1a367c1b63803ed0c9f06a4a3a0d09efedcc63d79c82794b1be43cec48a95232ee39d5ef1f62eb7e4c75a145f741cd32b92ce4591d64

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

1524 powershell.exe
1524 powershell.exe

pid	process
1524	powershell.exe
1524	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	3572	74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe
Token: SeDebugPrivilege	1524	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.execmd.exe

description	pid	process	target process
PID 3572 wrote to memory of 3680	3572	74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe	cmd.exe
PID 3572 wrote to memory of 3680	3572	74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe	cmd.exe
PID 3572 wrote to memory of 3680	3572	74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe	cmd.exe
PID 3680 wrote to memory of 1524	3680	cmd.exe	powershell.exe
PID 3680 wrote to memory of 1524	3680	cmd.exe	powershell.exe
PID 3680 wrote to memory of 1524	3680	cmd.exe	powershell.exe

C:\Windows\SysWOW64\cmd.exe
"cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\74ff711492a61aca0091936e7c5e20d93138fccd4899c0d84ff55307253d4bc6.exe' & exit
2⤵
- Suspicious use of WriteProcessMemory
PID:3680

memory/1524-142-0x00000000077D0000-0x0000000007E4A000-memory.dmp

Filesize
6.5MB

Download
memory/1524-136-0x0000000000000000-mapping.dmp

Download
memory/1524-145-0x00000000064D0000-0x00000000064F2000-memory.dmp

Filesize
136KB

Download
memory/1524-144-0x0000000007150000-0x00000000071E6000-memory.dmp

Filesize
600KB

Download
memory/1524-138-0x00000000052C0000-0x00000000058E8000-memory.dmp

Filesize
6.2MB

Download
memory/1524-143-0x0000000006400000-0x000000000641A000-memory.dmp

Filesize
104KB

Download
memory/1524-141-0x0000000005F80000-0x0000000005F9E000-memory.dmp

Filesize
120KB

Download
memory/1524-137-0x00000000025D0000-0x0000000002606000-memory.dmp

Filesize
216KB

Download
memory/1524-140-0x0000000004FF0000-0x0000000005056000-memory.dmp

Filesize
408KB

Download
memory/1524-139-0x0000000004F50000-0x0000000004F72000-memory.dmp

Filesize
136KB

Download
memory/3572-134-0x0000000005490000-0x0000000005522000-memory.dmp

Filesize
584KB

Download
memory/3572-131-0x00000000055C0000-0x0000000005B64000-memory.dmp

Filesize
5.6MB

Download
memory/3572-130-0x0000000000450000-0x0000000000512000-memory.dmp

Filesize
776KB

Download
memory/3572-133-0x0000000005380000-0x00000000053E6000-memory.dmp

Filesize
408KB

Download
memory/3572-132-0x0000000004F00000-0x0000000004F9C000-memory.dmp

Filesize
624KB

Download
memory/3680-135-0x0000000000000000-mapping.dmp

Download