3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e

General

Target

3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
Size

568KB
MD5

c323364e18bc8f3724b4c8aa07081aa1
SHA1

0019a588fd5a2c20bec073a36485d2395c51131a
SHA256

3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e
SHA512

38fda2f881ea3510c4338e496919c4570e62733cf4da14ef7f18167829301664f68932d101bffd34f989a6736c24aff85cea1a8417b467500a1f4351fdabd23d
SSDEEP

12288:RxlhuyrAoUSpGBLYKXCMJel7Nk70bZxZabizankOV8Xc40N5:RxlhJMVBLYKXC0el7w0bZHaeOnk4cO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe

pid	process
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe

description pid process

Token: SeDebugPrivilege 904 3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe

description	pid	process
Token: SeDebugPrivilege	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe

C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
"C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:904
- C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
  "C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe"
  2⤵
  PID:2000
- C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
  "C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe"
  2⤵
  PID:1196
- C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
  "C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe"
  2⤵
  PID:1268
- C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
  "C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe"
  2⤵
  PID:1996
- C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
  "C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe"
  2⤵
  PID:1500
- C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
  "C:\Users\Admin\AppData\Local\Temp\3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe"
  2⤵
  PID:1520
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
  dw20.exe -x -s 640
  2⤵
  PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/904-55-0x0000000074A40000-0x0000000074FEB000-memory.dmp

Filesize
5.7MB

Download
memory/904-58-0x0000000074A40000-0x0000000074FEB000-memory.dmp

Filesize
5.7MB

Download
memory/1508-56-0x0000000000000000-mapping.dmp

Download

description	pid	process	target process
PID 904 wrote to memory of 2000	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 2000	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 2000	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 2000	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1196	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1196	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1196	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1196	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1268	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1268	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1268	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1268	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1996	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1996	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1996	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1996	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1500	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1500	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1500	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1500	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1520	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1520	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1520	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1520	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe
PID 904 wrote to memory of 1508	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	dw20.exe
PID 904 wrote to memory of 1508	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	dw20.exe
PID 904 wrote to memory of 1508	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	dw20.exe
PID 904 wrote to memory of 1508	904	3c147fb846a956058d97aa94bb9eaf090e8df4bd53cd3edb79dcbb0efb1fed8e.exe	dw20.exe

Analysis

Sharing