78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c

Analysis

max time kernel
151s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe
Size

77KB
MD5

6466f6610e1ac6abec92fa0bb59a88b4
SHA1

e06bf07b6f26b0326d292ca47ed177058da87ef3
SHA256

78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c
SHA512

2afb42946f08cdbe29c0947addbb0a793bf108aa249c412e15fe3104f65ecd605edd681fde74f9e2dec7082668cffd1b645ea6e8a316b3a756c0112ee4128bd9
SSDEEP

768:yziu2O0EiEBbSkkjfjL92FhzdO4WkfA3Mp879SOrvhUdUrXkkzZE9hftVfEDwnxm:k2Iis6jsjeXxSO1DrXkhJysECE8QfD

Score

1^/10

Malware Config

Signatures

Kills process with taskkill 64 IoCs

evasion

pid	Process
956	taskkill.exe
836	taskkill.exe
2728	taskkill.exe
3008	taskkill.exe
2732	taskkill.exe
2232	taskkill.exe
1584	taskkill.exe
1608	taskkill.exe
872	taskkill.exe
852	taskkill.exe
2068	taskkill.exe
2392	taskkill.exe
1472	taskkill.exe
2080	taskkill.exe
304	taskkill.exe
316	taskkill.exe
1824	taskkill.exe
668	taskkill.exe
2196	taskkill.exe
2240	taskkill.exe
3000	taskkill.exe
1916	taskkill.exe
2608	taskkill.exe
2888	taskkill.exe
2516	taskkill.exe
2056	taskkill.exe
2704	taskkill.exe
1880	taskkill.exe
1784	taskkill.exe
832	taskkill.exe
2648	taskkill.exe
2444	taskkill.exe
2500	taskkill.exe
2684	taskkill.exe
2712	taskkill.exe
692	taskkill.exe
2904	taskkill.exe
3040	taskkill.exe
2616	taskkill.exe
1964	taskkill.exe
1240	taskkill.exe
2288	taskkill.exe
3044	taskkill.exe
2748	taskkill.exe
2504	taskkill.exe
1036	taskkill.exe
1268	taskkill.exe
1152	taskkill.exe
1612	taskkill.exe
1620	taskkill.exe
2360	taskkill.exe
1732	taskkill.exe
2876	taskkill.exe
556	taskkill.exe
2744	taskkill.exe
2908	taskkill.exe
3012	taskkill.exe
2836	taskkill.exe
2032	taskkill.exe
2532	taskkill.exe
1320	taskkill.exe
2956	taskkill.exe
2788	taskkill.exe
2580	taskkill.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\Desktop\ScreenSaveActive = "0"	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1916	taskkill.exe
Token: SeDebugPrivilege	2032	taskkill.exe
Token: SeDebugPrivilege	692	taskkill.exe
Token: SeDebugPrivilege	1544	taskkill.exe
Token: SeDebugPrivilege	932	taskkill.exe
Token: SeDebugPrivilege	304	taskkill.exe
Token: SeDebugPrivilege	1472	taskkill.exe
Token: SeDebugPrivilege	1268	taskkill.exe
Token: SeDebugPrivilege	1564	taskkill.exe
Token: SeDebugPrivilege	1700	taskkill.exe
Token: SeDebugPrivilege	1732	taskkill.exe
Token: SeDebugPrivilege	1620	taskkill.exe
Token: SeDebugPrivilege	1744	taskkill.exe
Token: SeDebugPrivilege	1772	taskkill.exe
Token: SeDebugPrivilege	1152	taskkill.exe
Token: SeDebugPrivilege	720	taskkill.exe
Token: SeDebugPrivilege	1496	taskkill.exe
Token: SeDebugPrivilege	1748	taskkill.exe
Token: SeDebugPrivilege	1684	taskkill.exe
Token: SeDebugPrivilege	1216	taskkill.exe
Token: SeDebugPrivilege	1584	taskkill.exe
Token: SeDebugPrivilege	956	taskkill.exe
Token: SeDebugPrivilege	768	taskkill.exe
Token: SeDebugPrivilege	632	taskkill.exe
Token: SeDebugPrivilege	316	taskkill.exe
Token: SeDebugPrivilege	1752	taskkill.exe
Token: SeDebugPrivilege	1352	taskkill.exe
Token: SeDebugPrivilege	2000	taskkill.exe
Token: SeDebugPrivilege	1784	taskkill.exe
Token: SeDebugPrivilege	900	taskkill.exe
Token: SeDebugPrivilege	848	taskkill.exe
Token: SeDebugPrivilege	1572	taskkill.exe
Token: SeDebugPrivilege	284	taskkill.exe
Token: SeDebugPrivilege	1372	taskkill.exe
Token: SeDebugPrivilege	1240	taskkill.exe
Token: SeDebugPrivilege	1964	taskkill.exe
Token: SeDebugPrivilege	832	taskkill.exe
Token: SeDebugPrivilege	1348	taskkill.exe
Token: SeDebugPrivilege	1792	taskkill.exe
Token: SeDebugPrivilege	828	taskkill.exe
Token: SeDebugPrivilege	1616	taskkill.exe
Token: SeDebugPrivilege	1608	taskkill.exe
Token: SeDebugPrivilege	1316	taskkill.exe
Token: SeDebugPrivilege	1884	taskkill.exe
Token: SeDebugPrivilege	1820	taskkill.exe
Token: SeDebugPrivilege	776	taskkill.exe
Token: SeDebugPrivilege	1764	taskkill.exe
Token: SeDebugPrivilege	1168	taskkill.exe
Token: SeDebugPrivilege	1344	taskkill.exe
Token: SeDebugPrivilege	872	taskkill.exe
Token: SeDebugPrivilege	1296	taskkill.exe
Token: SeDebugPrivilege	1660	taskkill.exe
Token: SeDebugPrivilege	1880	taskkill.exe
Token: SeDebugPrivilege	852	taskkill.exe
Token: SeDebugPrivilege	1824	taskkill.exe
Token: SeDebugPrivilege	836	taskkill.exe
Token: SeDebugPrivilege	668	taskkill.exe
Token: SeDebugPrivilege	1012	taskkill.exe
Token: SeDebugPrivilege	760	taskkill.exe
Token: SeDebugPrivilege	1612	taskkill.exe
Token: SeDebugPrivilege	1320	taskkill.exe
Token: SeDebugPrivilege	2044	taskkill.exe
Token: SeDebugPrivilege	2056	taskkill.exe
Token: SeDebugPrivilege	2104	taskkill.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe
1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1916	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	28
PID 1952 wrote to memory of 1916	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	28
PID 1952 wrote to memory of 1916	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	28
PID 1952 wrote to memory of 1916	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	28
PID 1952 wrote to memory of 2032	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	31
PID 1952 wrote to memory of 2032	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	31
PID 1952 wrote to memory of 2032	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	31
PID 1952 wrote to memory of 2032	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	31
PID 1952 wrote to memory of 692	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	33
PID 1952 wrote to memory of 692	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	33
PID 1952 wrote to memory of 692	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	33
PID 1952 wrote to memory of 692	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	33
PID 1952 wrote to memory of 1544	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	35
PID 1952 wrote to memory of 1544	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	35
PID 1952 wrote to memory of 1544	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	35
PID 1952 wrote to memory of 1544	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	35
PID 1952 wrote to memory of 932	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	37
PID 1952 wrote to memory of 932	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	37
PID 1952 wrote to memory of 932	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	37
PID 1952 wrote to memory of 932	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	37
PID 1952 wrote to memory of 304	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	39
PID 1952 wrote to memory of 304	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	39
PID 1952 wrote to memory of 304	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	39
PID 1952 wrote to memory of 304	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	39
PID 1952 wrote to memory of 1472	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	41
PID 1952 wrote to memory of 1472	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	41
PID 1952 wrote to memory of 1472	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	41
PID 1952 wrote to memory of 1472	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	41
PID 1952 wrote to memory of 1268	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	43
PID 1952 wrote to memory of 1268	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	43
PID 1952 wrote to memory of 1268	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	43
PID 1952 wrote to memory of 1268	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	43
PID 1952 wrote to memory of 1564	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	45
PID 1952 wrote to memory of 1564	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	45
PID 1952 wrote to memory of 1564	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	45
PID 1952 wrote to memory of 1564	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	45
PID 1952 wrote to memory of 1700	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	47
PID 1952 wrote to memory of 1700	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	47
PID 1952 wrote to memory of 1700	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	47
PID 1952 wrote to memory of 1700	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	47
PID 1952 wrote to memory of 1732	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	49
PID 1952 wrote to memory of 1732	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	49
PID 1952 wrote to memory of 1732	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	49
PID 1952 wrote to memory of 1732	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	49
PID 1952 wrote to memory of 1620	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	51
PID 1952 wrote to memory of 1620	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	51
PID 1952 wrote to memory of 1620	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	51
PID 1952 wrote to memory of 1620	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	51
PID 1952 wrote to memory of 1744	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	53
PID 1952 wrote to memory of 1744	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	53
PID 1952 wrote to memory of 1744	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	53
PID 1952 wrote to memory of 1744	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	53
PID 1952 wrote to memory of 1772	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	55
PID 1952 wrote to memory of 1772	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	55
PID 1952 wrote to memory of 1772	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	55
PID 1952 wrote to memory of 1772	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	55
PID 1952 wrote to memory of 1152	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	57
PID 1952 wrote to memory of 1152	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	57
PID 1952 wrote to memory of 1152	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	57
PID 1952 wrote to memory of 1152	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	57
PID 1952 wrote to memory of 720	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	59
PID 1952 wrote to memory of 720	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	59
PID 1952 wrote to memory of 720	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	59
PID 1952 wrote to memory of 720	1952	78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe	59

C:\Users\Admin\AppData\Local\Temp\78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe
"C:\Users\Admin\AppData\Local\Temp\78626146fd42f1c8743d533de82bdd89cda5be94ac3a9b9f1a3f44d7e926181c.exe"
1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1916
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2032
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:692
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1544
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:932
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:304
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1472
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1268
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1564
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1700
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1732
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1620
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1744
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1772
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1152
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:720
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1496
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1748
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1684
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1216
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1584
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:956
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:768
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:632
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:316
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1752
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1352
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2000
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1784
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:900
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:848
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1572
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:284
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1372
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1240
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1964
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:832
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1348
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1792
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:828
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1616
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1608
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1316
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1884
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1820
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:776
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1764
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1168
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1344
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:872
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1296
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1660
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1880
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:852
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1824
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:836
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:668
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1012
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:760
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1612
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1320
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2044
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2056
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2104
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2152
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2196
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2240
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2288
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2332
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2376
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2420
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2464
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2508
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2552
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2596
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2648
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2692
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2736
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2780
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2824
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2868
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2912
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2956
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:3000
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:3044
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:1900
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2068
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2116
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2160
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2272
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2284
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2312
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2360
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2392
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2444
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2480
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2516
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2608
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2604
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2728
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2768
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2800
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2832
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2876
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2992
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:3040
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:3068
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2064
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2164
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2252
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2260
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:556
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:844
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2436
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2500
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:936
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2588
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2704
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2748
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2744
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2788
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2944
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:3036
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:3008
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2080
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2124
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2176
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2276
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2316
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2396
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2428
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2504
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:268
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2684
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2708
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2908
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:3012
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2996
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:1036
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2072
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2220
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2324
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2304
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2432
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2580
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2712
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2732
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2836
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2884
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:3052
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2112
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2232
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2264
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2484
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2532
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2592
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2616
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2904
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2968
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2976
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2148
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2136
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2268
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:1548
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2620
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  PID:2860
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM taskmgr.exe
  2⤵
  - Kills process with taskkill
  PID:2888

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads