6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179

General

Target

6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
Size

451KB
MD5

fe14b7552e26f8977d9b0cb423f89272
SHA1

a64f07f43ba5d24d25e424f857e396aa3c0b48ab
SHA256

6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179
SHA512

4af7b4bd6869ebdc66d297fe3d653d0f333b74ababe14a3cec345838803c8fe6a56e041ee2c9e3c2c935fe0d3ca736b46b8b930eab00d6352aad9f36bc293aab
SSDEEP

6144:puEEKwccv6H4+Ld2Y7sIEUmlpki3zF0wUw7BHBfD8b76Bbjnz+9Gs+mxKtZS:p9KcciJhowm0i3z2wFHBfI4bTzQYp

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe

pid	process
1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe

description pid process

Token: SeDebugPrivilege 1628 6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe

description	pid	process
Token: SeDebugPrivilege	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe

Suspicious use of WriteProcessMemory 35 IoCs

Processes:

6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe

C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
"C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
"C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe"
2⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
"C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe"
2⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
"C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe"
2⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
"C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe"
2⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
"C:\Users\Admin\AppData\Local\Temp\6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe"
2⤵
PID:952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1628-54-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download
memory/1628-55-0x0000000074CE0000-0x000000007528B000-memory.dmp

Filesize
5.7MB

Download
memory/1628-56-0x0000000074CE0000-0x000000007528B000-memory.dmp

Filesize
5.7MB

Download
memory/1628-57-0x0000000000166000-0x0000000000177000-memory.dmp

Filesize
68KB

Download

description	pid	process	target process
PID 1628 wrote to memory of 1312	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1312	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1312	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1312	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1312	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1312	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1312	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1536	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1536	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1536	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1536	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1536	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1536	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1536	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1780	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1780	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1780	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1780	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1780	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1780	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 1780	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 976	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 976	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 976	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 976	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 976	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 976	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 976	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 952	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 952	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 952	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 952	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 952	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 952	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe
PID 1628 wrote to memory of 952	1628	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe	6d2aaf2122105080b7e781cc6b8e7c4045755c307ede96192b9de2bbd38e9179.exe

Analysis

Sharing