664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366

General

Target

664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
Size

791KB
MD5

a240dfc9ce7cd0a194fcc03553557c10
SHA1

45c9b2a35b498224140fbbe17d1953a13d640582
SHA256

664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366
SHA512

24d558f4676b3e8c6412b2b6bbba951f8b43671f5fc539af2ebf884e39f5f6f1d74450af12a9ba12c924447b57e0e98189ff9468ec7a88ef04134e59091c3992
SSDEEP

12288:y6wygSRdBb/+ka0TUMDzMi1ZayChpyPadwiTEEL43tz:5bC0AMzjJChpySd1ETtz

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe

pid	process
1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe

description	pid	process
Token: SeDebugPrivilege	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
Token: 33	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
Token: SeIncBasePriorityPrivilege	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe

C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
"C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1044

C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
"C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe"
2⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
"C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe"
2⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
"C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe"
2⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
"C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe"
2⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
"C:\Users\Admin\AppData\Local\Temp\664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe"
2⤵
PID:1696

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-54-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download
memory/1044-55-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download
memory/1044-56-0x0000000074840000-0x0000000074DEB000-memory.dmp

Filesize
5.7MB

Download

description	pid	process	target process
PID 1044 wrote to memory of 1620	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1620	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1620	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1620	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1616	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1616	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1616	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1616	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1696	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1696	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1696	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 1696	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe
PID 1044 wrote to memory of 612	1044	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe	664f2237eb84898f8495e95e46e3d9efa0b2ecbfea121d4ef2498e90a565a366.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads