198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4d

General

Target

198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
Size

699KB
MD5

9a3cb6c4e08b0a2fc307a5eec8a3a686
SHA1

bdfcb97ebec40154f9cb348127099c964b41f098
SHA256

198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4d
SHA512

7fa78e212d40fe314d33e6ef43a048ab26a1286e6250ccd675cb2ecbfb2de9b81b869dd5de17ee5118d7d2f948d53b3ebce8a81bd52070ca47b2b9259e52b3c9
SSDEEP

12288:t+uZFr8YmJ+37MZaFOgf+OQSIYOcvg4uKfeN6XTHLt/WnkVYEUm972OQ:t+uX8YmQ37MZaOO3ycv1uKjXPtwkam9e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2804	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	30
PID 2556 wrote to memory of 2804	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	30
PID 2556 wrote to memory of 2804	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	30
PID 2556 wrote to memory of 2804	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	30
PID 2556 wrote to memory of 2812	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	31
PID 2556 wrote to memory of 2812	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	31
PID 2556 wrote to memory of 2812	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	31
PID 2556 wrote to memory of 2812	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	31
PID 2556 wrote to memory of 2868	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	32
PID 2556 wrote to memory of 2868	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	32
PID 2556 wrote to memory of 2868	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	32
PID 2556 wrote to memory of 2868	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	32
PID 2556 wrote to memory of 2872	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	33
PID 2556 wrote to memory of 2872	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	33
PID 2556 wrote to memory of 2872	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	33
PID 2556 wrote to memory of 2872	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	33
PID 2556 wrote to memory of 2896	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	34
PID 2556 wrote to memory of 2896	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	34
PID 2556 wrote to memory of 2896	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	34
PID 2556 wrote to memory of 2896	2556	198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe	34

C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe"
  2⤵
  PID:2804
- C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe"
  2⤵
  PID:2812
- C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe"
  2⤵
  PID:2868
- C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe"
  2⤵
  PID:2872
- C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\198a27bb3eafb16e85363be12dc849311bc4e25043794c5ee1364f2422dbdf4dexe_JC.exe"
  2⤵
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2556-54-0x00000000003B0000-0x0000000000464000-memory.dmp

Filesize
720KB

Download
memory/2556-55-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2556-56-0x0000000000A40000-0x0000000000A80000-memory.dmp

Filesize
256KB

Download
memory/2556-57-0x0000000000650000-0x0000000000662000-memory.dmp

Filesize
72KB

Download
memory/2556-58-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download
memory/2556-59-0x0000000000690000-0x0000000000698000-memory.dmp

Filesize
32KB

Download
memory/2556-60-0x00000000006A0000-0x00000000006AA000-memory.dmp

Filesize
40KB

Download
memory/2556-61-0x00000000057A0000-0x0000000005816000-memory.dmp

Filesize
472KB

Download
memory/2556-62-0x00000000740F0000-0x00000000747DE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads