7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33

General

Target

7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
Size

112KB
MD5

24781c1e54454da853bef89a12b65975
SHA1

af8c5e592f28b6e017c38303a984cc4be5ff85ab
SHA256

7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33
SHA512

6e087498aed8ad8c197ad85580ad821df27ca4b6d42a4b4618499135290477401fea9accf792a850b4e92a99226867cb83d3f5d3be1d71afab5a0d6bf497a459
SSDEEP

3072:S1HEqBlf7xpQgWqpbE8K2I/ojRR6o55G5+8uHFbN:AHEqBlfVpQgWgbE8KMn6o55G5+XN

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4192 set thread context of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
Token: SeDebugPrivilege	2976	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2976	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2976	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66
PID 4192 wrote to memory of 2976	4192	7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe	66

C:\Users\Admin\AppData\Local\Temp\7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
"C:\Users\Admin\AppData\Local\Temp\7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Users\Admin\AppData\Local\Temp\7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
  C:\Users\Admin\AppData\Local\Temp\7f0298fe79b3d4ea8293eceac1555ee8abeabbfca24d39fac5447ac0e1448c33.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2976-131-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/2976-141-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/2976-139-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/2976-137-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/2976-136-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/2976-134-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/2976-133-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/4192-124-0x0000000005810000-0x000000000581A000-memory.dmp

Filesize
40KB

Download
memory/4192-128-0x0000000008820000-0x00000000088B2000-memory.dmp

Filesize
584KB

Download
memory/4192-129-0x00000000088E0000-0x0000000008902000-memory.dmp

Filesize
136KB

Download
memory/4192-130-0x0000000008910000-0x0000000008C60000-memory.dmp

Filesize
3.3MB

Download
memory/4192-127-0x0000000008790000-0x0000000008820000-memory.dmp

Filesize
576KB

Download
memory/4192-126-0x00000000082E0000-0x0000000008604000-memory.dmp

Filesize
3.1MB

Download
memory/4192-125-0x0000000005830000-0x0000000005836000-memory.dmp

Filesize
24KB

Download
memory/4192-120-0x0000000000E40000-0x0000000000E5E000-memory.dmp

Filesize
120KB

Download
memory/4192-123-0x0000000005680000-0x0000000005690000-memory.dmp

Filesize
64KB

Download
memory/4192-122-0x0000000005890000-0x0000000005922000-memory.dmp

Filesize
584KB

Download
memory/4192-121-0x0000000005CF0000-0x00000000061EE000-memory.dmp

Filesize
5.0MB

Download

Analysis

Sharing