b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda

General

Target

b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
Size

733KB
MD5

8d372279da02e0a9ff014bc1946d6fa6
SHA1

568a984793509cdbe947d4069f8a13a783a58105
SHA256

b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda
SHA512

465753cadeb8367e4d149ef4691e20f84096d7ae1c1a919be1e285ce4ef82dfa5fb214ca9b3c3b5b44c935d60c0d904c8b2fc882b57b4613b232510e6566234a
SSDEEP

12288:l0BwMz4oOlNe4r/L3VTHfVHBbdv9Qu3dfp2udF39E1uq6MS43w/szenK41Saa2k:d7LVHDbdviCfnTN3qpS4mkeK4S

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe

pid	process
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe

description pid process

Token: SeDebugPrivilege 1768 b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe

description	pid	process
Token: SeDebugPrivilege	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe

C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
"C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1768

C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
"C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe"
2⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
"C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe"
2⤵
PID:516

C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
"C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe"
2⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
"C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe"
2⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
"C:\Users\Admin\AppData\Local\Temp\b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe"
2⤵
PID:560

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1768-55-0x0000000073F00000-0x00000000744AB000-memory.dmp

Filesize
5.7MB

Download
memory/1768-56-0x0000000073F00000-0x00000000744AB000-memory.dmp

Filesize
5.7MB

Download

description	pid	process	target process
PID 1768 wrote to memory of 1108	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 1108	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 1108	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 1108	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 516	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 516	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 516	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 516	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 664	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 664	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 664	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 664	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 1428	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 1428	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 1428	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 1428	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 560	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 560	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 560	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe
PID 1768 wrote to memory of 560	1768	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe	b3ac56ebf9a8ccb240208e2f5d8ea903aedd6e001845432fc980a04da8e42bda.exe

Analysis

Sharing