626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36

General

Target

626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
Size

660KB
MD5

ae6abe9bab7c790b16db7d862c9afe7a
SHA1

3fa1e17b11c70099324493be5d127a81921f239f
SHA256

626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36
SHA512

2e2b18fdb09994c991cbf54fd12663b534974cd1ac84405df1d196567284301f5542b599da98cc1477a84dd5fe6523d2d272f38c528b34d94b7e4c6392b14e41
SSDEEP

12288:yI9q3WkGypQkKkryHfTyv1ILAhvD5GfruH+xhqS6K:yIOWkGWyu9kUd0Uu

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe

pid	process
380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe

description pid process

Token: SeDebugPrivilege 380 626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe

description	pid	process
Token: SeDebugPrivilege	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe

C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
"C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:380
- C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
  "C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe"
  2⤵
  PID:960
- C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
  "C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe"
  2⤵
  PID:940
- C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
  "C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe"
  2⤵
  PID:1740
- C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
  "C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe"
  2⤵
  PID:1644
- C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
  "C:\Users\Admin\AppData\Local\Temp\626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe"
  2⤵
  PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/380-54-0x00000000003E0000-0x000000000048C000-memory.dmp

Filesize
688KB

Download
memory/380-55-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/380-56-0x00000000003D0000-0x00000000003E2000-memory.dmp

Filesize
72KB

Download
memory/380-57-0x00000000056C0000-0x0000000005756000-memory.dmp

Filesize
600KB

Download
memory/380-58-0x0000000001F40000-0x0000000001F46000-memory.dmp

Filesize
24KB

Download
memory/380-59-0x00000000041B0000-0x00000000041EA000-memory.dmp

Filesize
232KB

Download

description	pid	process	target process
PID 380 wrote to memory of 960	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 960	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 960	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 960	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 940	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 940	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 940	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 940	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1740	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1740	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1740	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1740	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1644	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1644	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1644	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1644	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1548	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1548	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1548	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe
PID 380 wrote to memory of 1548	380	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe	626d99f87fba80c0786b3e8d6cf666b2aad88ae6d54c26a7445cca6409855c36.exe

Analysis

Sharing