ecb3d88e4ad2cbd22a6d888de32ef236e217b25101123a4767b11656e23ed1ba

General

Target

1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
Size

852KB
MD5

d42cd95f4bc95f02825a48054c2bc1d2
SHA1

edf9a330fe6a0ab953097a573e171ea9a40fe40d
SHA256

1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51
SHA512

ead96568d9707a246ae310737daa2fd7edf4f4c991d339eb8e20ecba7d32705b4ea6893c26f53d9c1520d1391b63e5b0faedaf69385473314afd21297c156cfd
SSDEEP

12288:eH4XxAtOc6iyk7k27IB9mxzMefPXgq1fQu+78rjuLdvWhgzigSLwkVy5A5I4h:j6Uc6i9IKcpeXRdQD0j65egSLlyO5IK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 572	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	28
PID 1220 wrote to memory of 572	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	28
PID 1220 wrote to memory of 572	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	28
PID 1220 wrote to memory of 572	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	28
PID 1220 wrote to memory of 760	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	29
PID 1220 wrote to memory of 760	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	29
PID 1220 wrote to memory of 760	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	29
PID 1220 wrote to memory of 760	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	29
PID 1220 wrote to memory of 940	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	30
PID 1220 wrote to memory of 940	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	30
PID 1220 wrote to memory of 940	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	30
PID 1220 wrote to memory of 940	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	30
PID 1220 wrote to memory of 588	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	31
PID 1220 wrote to memory of 588	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	31
PID 1220 wrote to memory of 588	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	31
PID 1220 wrote to memory of 588	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	31
PID 1220 wrote to memory of 676	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	32
PID 1220 wrote to memory of 676	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	32
PID 1220 wrote to memory of 676	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	32
PID 1220 wrote to memory of 676	1220	1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe	32

C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
"C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
  "C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe"
  2⤵
  PID:572
- C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
  "C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe"
  2⤵
  PID:760
- C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
  "C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe"
  2⤵
  PID:940
- C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
  "C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe"
  2⤵
  PID:588
- C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe
  "C:\Users\Admin\AppData\Local\Temp\1fc2c7b3f3a14a3000e0987519317194f397340352ce23b12e7ae1bcfbb75c51.exe"
  2⤵
  PID:676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1220-54-0x00000000003F0000-0x00000000004CC000-memory.dmp

Filesize
880KB

Download
memory/1220-55-0x0000000001F30000-0x0000000001F70000-memory.dmp

Filesize
256KB

Download
memory/1220-56-0x0000000000330000-0x0000000000340000-memory.dmp

Filesize
64KB

Download
memory/1220-57-0x0000000001F30000-0x0000000001F70000-memory.dmp

Filesize
256KB

Download
memory/1220-58-0x00000000003D0000-0x00000000003DC000-memory.dmp

Filesize
48KB

Download
memory/1220-59-0x00000000057D0000-0x000000000587C000-memory.dmp

Filesize
688KB

Download
memory/1220-60-0x0000000005880000-0x00000000058F6000-memory.dmp

Filesize
472KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads