af2ff9bc5e9582e3301aea8cae68cb9fdea3e56b75dd57853c156c15757462d7

General

Target

18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
Size

1.5MB
MD5

581f51fd35e943a69a4c569fa8654736
SHA1

610e7579a996ea788ccb688a9dda9d4855a40a2d
SHA256

18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043
SHA512

8bb8ce0f096c5a08e2457c7039f0169ae312f850e8189e240176e7a4ccf4ba113efe9f3a19e4e282ff66b60e48b0e07127270da804e0192f5ef091f7ea9e03db
SSDEEP

24576:Xbj8B+M73OglQfGmzu7SulbydbwcLxTDkU9tMMkB5lO2dMqtX1uP:XX++tglKKPwbwcLh4otmB7ldMg1C

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 568	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	27
PID 932 wrote to memory of 568	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	27
PID 932 wrote to memory of 568	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	27
PID 932 wrote to memory of 568	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	27
PID 932 wrote to memory of 1132	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	28
PID 932 wrote to memory of 1132	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	28
PID 932 wrote to memory of 1132	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	28
PID 932 wrote to memory of 1132	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	28
PID 932 wrote to memory of 388	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	29
PID 932 wrote to memory of 388	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	29
PID 932 wrote to memory of 388	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	29
PID 932 wrote to memory of 388	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	29
PID 932 wrote to memory of 572	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	30
PID 932 wrote to memory of 572	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	30
PID 932 wrote to memory of 572	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	30
PID 932 wrote to memory of 572	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	30
PID 932 wrote to memory of 576	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	31
PID 932 wrote to memory of 576	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	31
PID 932 wrote to memory of 576	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	31
PID 932 wrote to memory of 576	932	18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe	31

C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
"C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:932
- C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
  "C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe"
  2⤵
  PID:568
- C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
  "C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe"
  2⤵
  PID:1132
- C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
  "C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe"
  2⤵
  PID:388
- C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
  "C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe"
  2⤵
  PID:572
- C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe
  "C:\Users\Admin\AppData\Local\Temp\18d8044858441edcc126e76dab8c868a23acabb9abf7bab966e4c3eb24f44043.exe"
  2⤵
  PID:576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/932-54-0x00000000002F0000-0x000000000046E000-memory.dmp

Filesize
1.5MB

Download
memory/932-55-0x00000000049A0000-0x00000000049E0000-memory.dmp

Filesize
256KB

Download
memory/932-56-0x00000000005B0000-0x00000000005C0000-memory.dmp

Filesize
64KB

Download
memory/932-57-0x00000000049A0000-0x00000000049E0000-memory.dmp

Filesize
256KB

Download
memory/932-58-0x00000000005C0000-0x00000000005CC000-memory.dmp

Filesize
48KB

Download
memory/932-59-0x00000000049A0000-0x00000000049E0000-memory.dmp

Filesize
256KB

Download
memory/932-60-0x0000000005BC0000-0x0000000005CF8000-memory.dmp

Filesize
1.2MB

Download
memory/932-61-0x000000000A240000-0x000000000A3F0000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads