cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103

General

Target

cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
Size

31KB
MD5

cf1e69d75b4678bd30ba449401dbea51
SHA1

7db96a0029285e73993190f165b6ce31c9ec6a2a
SHA256

cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103
SHA512

593e567aadb4f90fd120d1ff768f23db9e3a310ad5861c897802866fbeb0c841479b1285d8282756f4179d6b4d208d0d70a00c6eae256099263041837e6d42ad

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe

pid	process
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe

description pid process

Token: SeDebugPrivilege 4280 cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe

description	pid	process
Token: SeDebugPrivilege	4280	cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe

C:\Users\Admin\AppData\Local\Temp\cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe
"C:\Users\Admin\AppData\Local\Temp\cf5842ccd42db3f8dd67df5c6dfc6dded85ad75f402751be3c4e9e5f29e58103.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4280-130-0x00000000751C0000-0x0000000075771000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads