8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed

General

Target

8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
Size

373KB
MD5

449b01885bdc422df5db8fba9f3b35f6
SHA1

3cd4b7e51d2e97d377e558741219972f7417cfc6
SHA256

8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed
SHA512

629ddada620ef75f33b3c6d76e1d4f980cfcf93ac8e6d499ac20864dc3e4d716b8926a151304d0fdc6c095ae751c8599e947b67306f3c71812d324dcc0930072
SSDEEP

6144:Rsk//5YqSLwdhvCxvK+zB0n4bs5E1r0uKmP9j4yS8Vb6XG9MYFLI1bT2mrww:6k//+LWhvCKA042ERtmN8Vb6XYBF01bv

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

description	pid	process	target process
PID 2004 set thread context of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

pid	process
2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
1656	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

description	pid	process
Token: SeDebugPrivilege	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
Token: SeDebugPrivilege	1656	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

description	pid	process	target process
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
PID 2004 wrote to memory of 1656	2004	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe	8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe

C:\Users\Admin\AppData\Local\Temp\8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
"C:\Users\Admin\AppData\Local\Temp\8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2004

C:\Users\Admin\AppData\Local\Temp\8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe
"C:\Users\Admin\AppData\Local\Temp\8dd9a88624d1060766e6bcc594de63105aaab3a7be0f52fb83247cc2ad4c10ed.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-61-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-62-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-70-0x00000000746D0000-0x0000000074C7B000-memory.dmp

Filesize
5.7MB

Download
memory/1656-57-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-58-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-60-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-69-0x00000000746D0000-0x0000000074C7B000-memory.dmp

Filesize
5.7MB

Download
memory/1656-63-0x000000000046F99E-mapping.dmp

Download
memory/1656-67-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/1656-65-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2004-54-0x00000000753D1000-0x00000000753D3000-memory.dmp

Filesize
8KB

Download
memory/2004-55-0x00000000746D0000-0x0000000074C7B000-memory.dmp

Filesize
5.7MB

Download
memory/2004-56-0x00000000746D0000-0x0000000074C7B000-memory.dmp

Filesize
5.7MB

Download
memory/2004-71-0x00000000746D0000-0x0000000074C7B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads