59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Size

1.2MB
MD5

7c8c74a8626f40a3757ca14d82344754
SHA1

4e42062b48ddf1ba7cddad983964791f73bc5359
SHA256

59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9
SHA512

7ba6d5c9aa71758ac9b2033470f0c138d7e35e7827e9077aba4c01febdfa23ff2d087cd0302162e68b83d7112986884a510ec9ff5b19d864be25c7afbbc0c5a6
SSDEEP

3072:niNNzHy8upR2SDfhtPTnmQZpKVeLUDNn+pSfRW/Lz0lnmJqSDmIK57fD6SXm/Mls:ppRFz3

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	2312	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3468	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	444	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3916	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3824	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4480	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	224	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1688	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1496	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4888	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2956	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4752	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3776	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1136	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3656	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3116	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3632	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1312	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2520	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	932	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2584	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3000	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2716	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2284	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2384	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4776	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4012	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3396	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	756	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3252	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2948	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4468	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4620	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4204	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	448	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	176	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3024	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2620	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	2540	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4336	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4596	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1688	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1196	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	5080	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	692	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	1476	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4732	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	3064	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
Token: SeDebugPrivilege	4244	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 3468	2312	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	82
PID 2312 wrote to memory of 3468	2312	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	82
PID 3468 wrote to memory of 444	3468	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	84
PID 3468 wrote to memory of 444	3468	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	84
PID 444 wrote to memory of 3916	444	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	86
PID 444 wrote to memory of 3916	444	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	86
PID 3916 wrote to memory of 3824	3916	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	89
PID 3916 wrote to memory of 3824	3916	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	89
PID 3824 wrote to memory of 4480	3824	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	90
PID 3824 wrote to memory of 4480	3824	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	90
PID 4480 wrote to memory of 224	4480	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	91
PID 4480 wrote to memory of 224	4480	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	91
PID 224 wrote to memory of 1688	224	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	93
PID 224 wrote to memory of 1688	224	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	93
PID 1688 wrote to memory of 1496	1688	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	94
PID 1688 wrote to memory of 1496	1688	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	94
PID 1496 wrote to memory of 4888	1496	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	95
PID 1496 wrote to memory of 4888	1496	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	95
PID 4888 wrote to memory of 2956	4888	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	96
PID 4888 wrote to memory of 2956	4888	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	96
PID 2956 wrote to memory of 4752	2956	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	97
PID 2956 wrote to memory of 4752	2956	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	97
PID 4752 wrote to memory of 3776	4752	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	98
PID 4752 wrote to memory of 3776	4752	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	98
PID 3776 wrote to memory of 1136	3776	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	99
PID 3776 wrote to memory of 1136	3776	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	99
PID 1136 wrote to memory of 3656	1136	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	100
PID 1136 wrote to memory of 3656	1136	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	100
PID 3656 wrote to memory of 3116	3656	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	101
PID 3656 wrote to memory of 3116	3656	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	101
PID 3116 wrote to memory of 3632	3116	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	102
PID 3116 wrote to memory of 3632	3116	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	102
PID 3632 wrote to memory of 1312	3632	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	103
PID 3632 wrote to memory of 1312	3632	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	103
PID 1312 wrote to memory of 2520	1312	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	104
PID 1312 wrote to memory of 2520	1312	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	104
PID 2520 wrote to memory of 932	2520	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	105
PID 2520 wrote to memory of 932	2520	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	105
PID 932 wrote to memory of 2584	932	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	106
PID 932 wrote to memory of 2584	932	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	106
PID 2584 wrote to memory of 3000	2584	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	107
PID 2584 wrote to memory of 3000	2584	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	107
PID 3000 wrote to memory of 2716	3000	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	108
PID 3000 wrote to memory of 2716	3000	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	108
PID 2716 wrote to memory of 2284	2716	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	109
PID 2716 wrote to memory of 2284	2716	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	109
PID 2284 wrote to memory of 2384	2284	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	110
PID 2284 wrote to memory of 2384	2284	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	110
PID 2384 wrote to memory of 4776	2384	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	111
PID 2384 wrote to memory of 4776	2384	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	111
PID 4776 wrote to memory of 4012	4776	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	112
PID 4776 wrote to memory of 4012	4776	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	112
PID 4012 wrote to memory of 3396	4012	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	113
PID 4012 wrote to memory of 3396	4012	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	113
PID 3396 wrote to memory of 756	3396	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	114
PID 3396 wrote to memory of 756	3396	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	114
PID 756 wrote to memory of 3252	756	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	115
PID 756 wrote to memory of 3252	756	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	115
PID 3252 wrote to memory of 2948	3252	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	116
PID 3252 wrote to memory of 2948	3252	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	116
PID 2948 wrote to memory of 4468	2948	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	117
PID 2948 wrote to memory of 4468	2948	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	117
PID 4468 wrote to memory of 4620	4468	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	118
PID 4468 wrote to memory of 4620	4468	59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe	118

C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
"C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
  C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3468
- - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
    C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:444
  - - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
      C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        8⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        9⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        10⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        11⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        12⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        13⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        14⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        15⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        16⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        17⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        18⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        19⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        20⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        21⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        22⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        23⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        24⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        25⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        26⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        27⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        28⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        29⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        30⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        31⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        32⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        33⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        35⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:176
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        40⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        41⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        43⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        44⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        45⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        46⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        47⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        48⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        49⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        
        C:\Users\Admin\AppData\Local\Temp\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe
        50⤵
        
        PID:3680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\59e511172e6c7514de3f22230a397492c89390d1e2da03dd6a0d6080ac63b0a9.exe.log

Filesize
224B

MD5
1e4f2a29e11dead55e61329942cd2b14

SHA1
4b3ec9b98797d2f734d67b47cc149546f21cf0af

SHA256
28bbb0da12bd69adc9df324c01392655b788115aba7466f02c23e1ba09f789d4

SHA512
2e28227d898486bfe1cea081df486464b214df50500786e30d6ee9e7d6391f3aacd2f1ed1d0eab60d518bbc79f20f32c226f00ffd70abfe9af45a746cb08416c

Download Submit
memory/176-203-0x000000001BCB0000-0x000000001C6E6000-memory.dmp

Filesize
10.2MB

Download
memory/224-145-0x000000001B990000-0x000000001C3C6000-memory.dmp

Filesize
10.2MB

Download
memory/444-137-0x00007FFDE38D0000-0x00007FFDE4306000-memory.dmp

Filesize
10.2MB

Download
memory/448-201-0x000000001B520000-0x000000001BF56000-memory.dmp

Filesize
10.2MB

Download
memory/692-221-0x000000001B940000-0x000000001C376000-memory.dmp

Filesize
10.2MB

Download
memory/756-189-0x000000001B750000-0x000000001C186000-memory.dmp

Filesize
10.2MB

Download
memory/932-171-0x000000001B8D0000-0x000000001C306000-memory.dmp

Filesize
10.2MB

Download
memory/1136-159-0x000000001B5A0000-0x000000001BFD6000-memory.dmp

Filesize
10.2MB

Download
memory/1196-217-0x000000001B2C0000-0x000000001BCF6000-memory.dmp

Filesize
10.2MB

Download
memory/1312-167-0x000000001BFA0000-0x000000001C9D6000-memory.dmp

Filesize
10.2MB

Download
memory/1476-223-0x000000001BC00000-0x000000001C636000-memory.dmp

Filesize
10.2MB

Download
memory/1496-149-0x000000001B9D0000-0x000000001C406000-memory.dmp

Filesize
10.2MB

Download
memory/1688-215-0x000000001BAB0000-0x000000001C4E6000-memory.dmp

Filesize
10.2MB

Download
memory/1688-147-0x000000001BA90000-0x000000001C4C6000-memory.dmp

Filesize
10.2MB

Download
memory/2284-179-0x000000001B3B0000-0x000000001BDE6000-memory.dmp

Filesize
10.2MB

Download
memory/2312-132-0x00007FFDE3810000-0x00007FFDE4246000-memory.dmp

Filesize
10.2MB

Download
memory/2384-181-0x000000001BBE0000-0x000000001C616000-memory.dmp

Filesize
10.2MB

Download
memory/2520-169-0x000000001B5A0000-0x000000001BFD6000-memory.dmp

Filesize
10.2MB

Download
memory/2540-209-0x000000001B860000-0x000000001C296000-memory.dmp

Filesize
10.2MB

Download
memory/2584-173-0x000000001B270000-0x000000001BCA6000-memory.dmp

Filesize
10.2MB

Download
memory/2620-207-0x000000001B370000-0x000000001BDA6000-memory.dmp

Filesize
10.2MB

Download
memory/2716-177-0x000000001BB20000-0x000000001C556000-memory.dmp

Filesize
10.2MB

Download
memory/2948-193-0x000000001B9A0000-0x000000001C3D6000-memory.dmp

Filesize
10.2MB

Download
memory/2956-153-0x000000001BD50000-0x000000001C786000-memory.dmp

Filesize
10.2MB

Download
memory/3000-175-0x000000001BBB0000-0x000000001C5E6000-memory.dmp

Filesize
10.2MB

Download
memory/3024-205-0x000000001BD40000-0x000000001C776000-memory.dmp

Filesize
10.2MB

Download
memory/3064-227-0x00007FFDE3840000-0x00007FFDE4276000-memory.dmp

Filesize
10.2MB

Download
memory/3116-163-0x000000001B350000-0x000000001BD86000-memory.dmp

Filesize
10.2MB

Download
memory/3252-191-0x000000001B640000-0x000000001C076000-memory.dmp

Filesize
10.2MB

Download
memory/3396-187-0x000000001BAA0000-0x000000001C4D6000-memory.dmp

Filesize
10.2MB

Download
memory/3468-135-0x00007FFDE3810000-0x00007FFDE4246000-memory.dmp

Filesize
10.2MB

Download
memory/3632-165-0x000000001B8F0000-0x000000001C326000-memory.dmp

Filesize
10.2MB

Download
memory/3656-161-0x000000001B320000-0x000000001BD56000-memory.dmp

Filesize
10.2MB

Download
memory/3680-231-0x00007FFDE3840000-0x00007FFDE4276000-memory.dmp

Filesize
10.2MB

Download
memory/3776-157-0x000000001BFB0000-0x000000001C9E6000-memory.dmp

Filesize
10.2MB

Download
memory/3824-141-0x000000001B9A0000-0x000000001C3D6000-memory.dmp

Filesize
10.2MB

Download
memory/3916-139-0x00007FFDE38D0000-0x00007FFDE4306000-memory.dmp

Filesize
10.2MB

Download
memory/4012-185-0x000000001BB40000-0x000000001C576000-memory.dmp

Filesize
10.2MB

Download
memory/4204-199-0x000000001BB90000-0x000000001C5C6000-memory.dmp

Filesize
10.2MB

Download
memory/4244-229-0x00007FFDE3840000-0x00007FFDE4276000-memory.dmp

Filesize
10.2MB

Download
memory/4336-211-0x000000001BE30000-0x000000001C866000-memory.dmp

Filesize
10.2MB

Download
memory/4468-195-0x000000001C0C0000-0x000000001CAF6000-memory.dmp

Filesize
10.2MB

Download
memory/4480-143-0x000000001B8D0000-0x000000001C306000-memory.dmp

Filesize
10.2MB

Download
memory/4596-213-0x000000001B600000-0x000000001C036000-memory.dmp

Filesize
10.2MB

Download
memory/4620-197-0x000000001B4B0000-0x000000001BEE6000-memory.dmp

Filesize
10.2MB

Download
memory/4732-225-0x00007FFDE3840000-0x00007FFDE4276000-memory.dmp

Filesize
10.2MB

Download
memory/4752-155-0x000000001C150000-0x000000001CB86000-memory.dmp

Filesize
10.2MB

Download
memory/4776-183-0x000000001B190000-0x000000001BBC6000-memory.dmp

Filesize
10.2MB

Download
memory/4888-151-0x000000001B590000-0x000000001BFC6000-memory.dmp

Filesize
10.2MB

Download
memory/5080-219-0x000000001BC50000-0x000000001C686000-memory.dmp

Filesize
10.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads