48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250

General

Target

48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
Size

855KB
MD5

6aa1e096f657f2d549e67579d7edb490
SHA1

fe36a9211ef9b8c35697c97addccc94a47223d7c
SHA256

48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250
SHA512

746c7ecce12b54aad4a0de9265690a2e860e4a87fddd1a6200f926d857b09cc9ec36da8be2252b0b9802078cab50db1bf6fd6cc1228851a917cfe159ad986ebc
SSDEEP

3072:15oQcAV8NrucfhvH8GLx99NhCHBd0vqV7S1zWnyzYmLZds2qHhHTYYzy6aWeTaAF:1uW

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

Processes:

48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

description	pid	process	target process
PID 1380 set thread context of 4644	1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 4644 set thread context of 2992	4644	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

pid	process
1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
2992	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
2992	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
2992	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

description	pid	process
Token: SeDebugPrivilege	1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
Token: SeDebugPrivilege	2992	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

description	pid	process	target process
PID 1380 wrote to memory of 4644	1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 1380 wrote to memory of 4644	1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 1380 wrote to memory of 4644	1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 1380 wrote to memory of 4644	1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 1380 wrote to memory of 4644	1380	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 4644 wrote to memory of 2992	4644	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 4644 wrote to memory of 2992	4644	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 4644 wrote to memory of 2992	4644	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 4644 wrote to memory of 2992	4644	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 4644 wrote to memory of 2992	4644	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 2992 wrote to memory of 1916	2992	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 2992 wrote to memory of 1916	2992	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
PID 2992 wrote to memory of 1916	2992	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe	48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe

C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
"C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1380

C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4644

C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
C:\Users\Admin\AppData\Local\Temp\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe
4⤵
PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\48a8eafd9013ef1d61ce5b61601828f97c602531d9f7621af9bcbd4fffc72250.exe.log
Filesize
418B

MD5
98eea38457c9976c0ec48b5a70964041

SHA1
281ec6ada096be89ade13852ca86edfe42ffe3c1

SHA256
4a7455429d6f3c7390f97bc406d0bcc7d64ddff6bee5ffa9e88c5a75f806bfcf

SHA512
adb7bb4e1434d743932890aede4daa55c6e9f091415292775313dd172949fbd415f124c97e017a8204aab530b6184f196ab5cce005781b0853ffccc620f07530

Download Submit
memory/1380-132-0x0000000000AF0000-0x0000000000BCC000-memory.dmp

Filesize
880KB

Download
memory/1380-133-0x0000000005B00000-0x00000000060A4000-memory.dmp

Filesize
5.6MB

Download
memory/1380-134-0x00000000055F0000-0x0000000005682000-memory.dmp

Filesize
584KB

Download
memory/1380-135-0x0000000005580000-0x000000000558A000-memory.dmp

Filesize
40KB

Download
memory/1380-136-0x0000000007750000-0x00000000077EC000-memory.dmp

Filesize
624KB

Download
memory/1916-142-0x0000000000000000-mapping.dmp

Download
memory/2992-140-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2992-139-0x0000000000000000-mapping.dmp

Download
memory/4644-137-0x0000000000000000-mapping.dmp

Download
memory/4644-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads