33e4909aab4cdcf2a122992cc468dcd23fbd830703cb0ec273cb85e16a05478b

General

Target

a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
Size

695KB
MD5

a0ef2dbcc8cbebbd258ae9c4cf1c2323
SHA1

253aee4ab5de177d042aa98aa67641e8f6b50ce1
SHA256

33e4909aab4cdcf2a122992cc468dcd23fbd830703cb0ec273cb85e16a05478b
SHA512

4dbb42d45548fe6e13e58715c249d1611a62270083ee0bce6979a73deb27b4cdf4130f525b138782cd52dfaed4382ff150955bb6b31c09ad37f5e4a29b4113fc
SSDEEP

12288:AkG0F75eK24fnH52g1QxXk0B7uJhu3HonNi/tlXBob+uUVI8f66tstZEV1wz:/dZ51DnH52g1QxXV7ahh29oiuYLm3EVe

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

pid	process
1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

description pid process

Token: SeDebugPrivilege 1440 a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

pid process

1440 a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
1440 a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

description	pid	process
Token: SeDebugPrivilege	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
"C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
  "C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe"
  2⤵
  PID:1388
- C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
  "C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe"
  2⤵
  PID:1116
- C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
  "C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe"
  2⤵
  PID:1520
- C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
  "C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe"
  2⤵
  PID:832
- C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
  "C:\Users\Admin\AppData\Local\Temp\a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe"
  2⤵
  PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1440-54-0x00000000003C0000-0x0000000000474000-memory.dmp

Filesize
720KB

Download
memory/1440-55-0x0000000075AF1000-0x0000000075AF3000-memory.dmp

Filesize
8KB

Download
memory/1440-56-0x0000000000700000-0x0000000000718000-memory.dmp

Filesize
96KB

Download
memory/1440-57-0x0000000000720000-0x000000000072C000-memory.dmp

Filesize
48KB

Download
memory/1440-58-0x0000000005940000-0x00000000059D8000-memory.dmp

Filesize
608KB

Download
memory/1440-59-0x00000000043A0000-0x00000000043E0000-memory.dmp

Filesize
256KB

Download

description	pid	process	target process
PID 1440 wrote to memory of 1388	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1388	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1388	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1388	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1116	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1116	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1116	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1116	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1520	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1520	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1520	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1520	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 832	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 832	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 832	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 832	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1344	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1344	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1344	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe
PID 1440 wrote to memory of 1344	1440	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe	a0ef2dbcc8cbebbd258ae9c4cf1c2323.exe

Analysis

Sharing