52d4c9785ef46a412ea225c41757168d828d77058976963a9232ffa6bf0d9425

General

Target

e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
Size

1.6MB
MD5

170860057f4aad06ddbeea0ca2b3f1b6
SHA1

db04c735b769df458518f959ae7eca39cfa06213
SHA256

e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998
SHA512

f8bf57126bad026be2414121c798d5688119f06312404c35dea3f457deb717f6422291f5401178586fd23055577f893b4e6236e413c909e3b526c45d3b957766
SSDEEP

24576:uU7taDBzgNEfeEvFTMxdzYPh1ogay/zj1weNgcHFx5MpfTjU/c7jNXPohE:uU7PNBmMxdEvogdzxzHFx+pfTgE7VPI

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1680	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	28
PID 1204 wrote to memory of 1680	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	28
PID 1204 wrote to memory of 1680	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	28
PID 1204 wrote to memory of 1680	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	28
PID 1204 wrote to memory of 1360	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	29
PID 1204 wrote to memory of 1360	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	29
PID 1204 wrote to memory of 1360	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	29
PID 1204 wrote to memory of 1360	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	29
PID 1204 wrote to memory of 1912	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	30
PID 1204 wrote to memory of 1912	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	30
PID 1204 wrote to memory of 1912	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	30
PID 1204 wrote to memory of 1912	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	30
PID 1204 wrote to memory of 588	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	31
PID 1204 wrote to memory of 588	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	31
PID 1204 wrote to memory of 588	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	31
PID 1204 wrote to memory of 588	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	31
PID 1204 wrote to memory of 764	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	32
PID 1204 wrote to memory of 764	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	32
PID 1204 wrote to memory of 764	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	32
PID 1204 wrote to memory of 764	1204	e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe	32

C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
"C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
  "C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe"
  2⤵
  PID:1680
- C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
  "C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe"
  2⤵
  PID:1360
- C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
  "C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe"
  2⤵
  PID:1912
- C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
  "C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe"
  2⤵
  PID:588
- C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe
  "C:\Users\Admin\AppData\Local\Temp\e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998.exe"
  2⤵
  PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-54-0x0000000000100000-0x0000000000296000-memory.dmp

Filesize
1.6MB

Download
memory/1204-55-0x0000000004E10000-0x0000000004E50000-memory.dmp

Filesize
256KB

Download
memory/1204-56-0x00000000004D0000-0x00000000004E2000-memory.dmp

Filesize
72KB

Download
memory/1204-57-0x0000000004E10000-0x0000000004E50000-memory.dmp

Filesize
256KB

Download
memory/1204-58-0x0000000000740000-0x000000000074C000-memory.dmp

Filesize
48KB

Download
memory/1204-59-0x0000000005E80000-0x0000000005FB8000-memory.dmp

Filesize
1.2MB

Download
memory/1204-60-0x0000000005FC0000-0x0000000006170000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads