Analysis
-
max time kernel
46s -
max time network
110s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-06-2022 18:23
Static task
static1
Behavioral task
behavioral1
Sample
31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
-
Size
1.4MB
-
MD5
3d33b77fb2fab5484d79b9e8210e071d
-
SHA1
8ad49eb332c4acced160fccd2cba0df8a579abd7
-
SHA256
31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3
-
SHA512
fcc60b4466d3279bbdbac5a8ca3a020e9a7844384b463eba39f7d2efd7e519d5d48f942d3c6a67fb5ce732dc8dd55d2d4659213c58d05a807fdfa715cc75c1ae
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Kills process with taskkill 1 IoCs
Processes:
taskkill.exe
pid process
1112 taskkill.exe
-
Processes:
31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f
62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 
0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50
d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 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 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c69436572742
0436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe -
Suspicious use of AdjustPrivilegeToken 35 IoCs
Processes:
31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe taskkill.exe
description pid process
Token: SeCreateTokenPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeAssignPrimaryTokenPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeLockMemoryPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeIncreaseQuotaPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeMachineAccountPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeTcbPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeSecurityPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeTakeOwnershipPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeLoadDriverPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeSystemProfilePrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeSystemtimePrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeProfSingleProcessPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeIncBasePriorityPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeCreatePagefilePrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeCreatePermanentPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeBackupPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeRestorePrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeShutdownPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeDebugPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeAuditPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeSystemEnvironmentPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeChangeNotifyPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeRemoteShutdownPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeUndockPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeSyncAgentPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeEnableDelegationPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeManageVolumePrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeImpersonatePrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeCreateGlobalPrivilege 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: 31 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: 32 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: 33 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: 34 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: 35 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
Token: SeDebugPrivilege 1112 taskkill.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe cmd.exe
description pid process target process
PID 1308 wrote to memory of 1652 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe cmd.exe
PID 1308 wrote to memory of 1652 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe cmd.exe
PID 1308 wrote to memory of 1652 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe cmd.exe
PID 1308 wrote to memory of 1652 1308 31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe cmd.exe
PID 1652 wrote to memory of 1112 1652 cmd.exe taskkill.exe
PID 1652 wrote to memory of 1112 1652 cmd.exe taskkill.exe
PID 1652 wrote to memory of 1112 1652 cmd.exe taskkill.exe
PID 1652 wrote to memory of 1112 1652 cmd.exe taskkill.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe
"C:\Users\Admin\AppData\Local\Temp\31b03f6a6fae46fe00388be20bbd5e8432b816e0cfc056309de6d175e45677e3.exe"
1⤵
- Modifies system certificate store (the AuthRoot\Certificates writes listed above; both blobs carry readable DER subjects for the public "AAA Certificate Services" and "ValiCert Class 2 Policy Validation Authority" roots, so this may be Windows' automatic root update during certificate-chain validation rather than a rogue root being installed — confirm by checking thumbprints D1EB23A46D17D68FD92564C2F1F1601764D8E349 and 317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 against the published roots before escalating)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken