e1c7bbb8d2741efb4b5357b1b65d14821ae4436e57c0aafc34e3852fa6083129

General

Target

427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
Size

1.4MB
MD5

34aa0ca40863c30653a0b6ba10d3daa2
SHA1

c5dbbc9a3f6d537ab49aeb89223810cd67c256f7
SHA256

427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9
SHA512

34e46909f3ea586033baa5f73ecbf1f5072f2d05cfaf77f6ab2535ee0798f01427b1e62719fc4026f4b38af03e445a33ff2deb22ef9817ab42e506cfb5cb10d2
SSDEEP

24576:O94Lauo2BLrZ6dj7Wd50QKQIsBJXkQsUc/i/Egj87qLom0Y5m6Uy:O/uHrZ6WPKQ5X0QsUN/EgQ7qEmv

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2740	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	30
PID 2076 wrote to memory of 2740	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	30
PID 2076 wrote to memory of 2740	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	30
PID 2076 wrote to memory of 2740	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	30
PID 2076 wrote to memory of 3060	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	31
PID 2076 wrote to memory of 3060	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	31
PID 2076 wrote to memory of 3060	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	31
PID 2076 wrote to memory of 3060	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	31
PID 2076 wrote to memory of 2052	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	32
PID 2076 wrote to memory of 2052	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	32
PID 2076 wrote to memory of 2052	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	32
PID 2076 wrote to memory of 2052	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	32
PID 2076 wrote to memory of 1408	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	33
PID 2076 wrote to memory of 1408	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	33
PID 2076 wrote to memory of 1408	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	33
PID 2076 wrote to memory of 1408	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	33
PID 2076 wrote to memory of 2160	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	34
PID 2076 wrote to memory of 2160	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	34
PID 2076 wrote to memory of 2160	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	34
PID 2076 wrote to memory of 2160	2076	427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe	34

C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
"C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
  "C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe"
  2⤵
  PID:2740
- C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
  "C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe"
  2⤵
  PID:3060
- C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
  "C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe"
  2⤵
  PID:2052
- C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
  "C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe"
  2⤵
  PID:1408
- C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe
  "C:\Users\Admin\AppData\Local\Temp\427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9.exe"
  2⤵
  PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2076-54-0x00000000003D0000-0x000000000053C000-memory.dmp

Filesize
1.4MB

Download
memory/2076-55-0x0000000074980000-0x000000007506E000-memory.dmp

Filesize
6.9MB

Download
memory/2076-56-0x0000000004800000-0x0000000004840000-memory.dmp

Filesize
256KB

Download
memory/2076-57-0x0000000000580000-0x0000000000590000-memory.dmp

Filesize
64KB

Download
memory/2076-58-0x0000000074980000-0x000000007506E000-memory.dmp

Filesize
6.9MB

Download
memory/2076-59-0x0000000004800000-0x0000000004840000-memory.dmp

Filesize
256KB

Download
memory/2076-60-0x00000000005A0000-0x00000000005AC000-memory.dmp

Filesize
48KB

Download
memory/2076-61-0x0000000005C40000-0x0000000005D78000-memory.dmp

Filesize
1.2MB

Download
memory/2076-62-0x000000000A1D0000-0x000000000A380000-memory.dmp

Filesize
1.7MB

Download
memory/2076-63-0x0000000074980000-0x000000007506E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads