26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df

General

Target

26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
Size

1.9MB
MD5

bfa089edb97ae879925dbfa23d4374be
SHA1

f080370a3f8c07c2cfc48661caf734f6e053a83f
SHA256

26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df
SHA512

3e3b60c3914e8b53cc2c1364eecc53f881449ae4df9429c7435438c277872dcb787313623900a1b7ac28b3aadff41a804a6316f4b5ce75bc175d591d577b461d
SSDEEP

49152:3v+Xdh4YFvU1YOf7j/dHxQpa4rL5XOrcuY3J+pdtp93yokVX:6dh4YdCf7h2p7NmjwJ+pY

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe

pid	process
1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe

description pid process

Token: SeDebugPrivilege 1552 26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe

description	pid	process
Token: SeDebugPrivilege	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe

C:\Users\Admin\AppData\Local\Temp\26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
"C:\Users\Admin\AppData\Local\Temp\26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1552

C:\Users\Admin\AppData\Local\Temp\26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
"{path}"
2⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
"{path}"
2⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
"{path}"
2⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
"{path}"
2⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
"{path}"
2⤵
PID:676

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1552-54-0x0000000000310000-0x00000000004F4000-memory.dmp

Filesize
1.9MB

Download
memory/1552-55-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download
memory/1552-56-0x0000000000530000-0x0000000000542000-memory.dmp

Filesize
72KB

Download
memory/1552-57-0x0000000007F30000-0x00000000080D4000-memory.dmp

Filesize
1.6MB

Download
memory/1552-58-0x0000000005FE0000-0x0000000006132000-memory.dmp

Filesize
1.3MB

Download

description	pid	process	target process
PID 1552 wrote to memory of 1472	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1472	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1472	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1472	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1480	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1480	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1480	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1480	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1076	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1076	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1076	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 1076	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 592	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 592	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 592	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 592	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 676	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 676	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 676	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe
PID 1552 wrote to memory of 676	1552	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe	26fdffa14128573dcdd5d3b64724677e98d7646b623d1e6a7af1a193cca483df.exe

Analysis

Sharing