Malware Analysis Report

2025-03-15 03:52

Sample ID: 230810-nzvjeaed4t
Target: e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1
SHA256: e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1
Tags: fatalrat infostealer rat
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1

Threat Level: Known bad

The file e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1 was found to be: Known bad.

Malicious Activity Summary

Tags: fatalrat infostealer rat

FatalRat

Fatal Rat payload

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-08-10 11:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-08-10 11:50
Reported: 2023-08-10 11:53
Platform: win7-20230712-en
Max time kernel: 118s
Max time network: 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe"

Signatures

FatalRat
Tags: infostealer rat fatalrat

Fatal Rat payload
Tags: rat infostealer

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
(two matches recorded, with no description, indicator, process or target)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A
(the report records 51 identical events, all from C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe, with no indicator or target)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe

"C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe"

C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe

"C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe"

Network

Country Destination Domain Proto
MU 156.236.70.181:16553 - tcp
MU 156.236.70.181:16553 - tcp
MU 156.236.70.181:5858 - tcp

All three connections go to the same host, 156.236.70.181, on TCP ports 16553 and 5858; no domain was resolved for it in this run.

Files

Memory dumps, PID 2236:
memory/2236-55-0x00000000004E0000-0x00000000005E0000-memory.dmp
memory/2236-56-0x0000000000140000-0x0000000000141000-memory.dmp
memory/2236-57-0x0000000010000000-0x0000000010031000-memory.dmp
memory/2236-58-0x0000000000900000-0x0000000000938000-memory.dmp
memory/2236-61-0x0000000000210000-0x000000000023A000-memory.dmp
memory/2236-73-0x00000000004E0000-0x00000000005E0000-memory.dmp

Dropped file (recorded four times in the report, once as \Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe and three times as the path below, with identical hashes each time):
C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe
MD5 a341b3a7990a811f0666bc0bedefb1dd
SHA1 647b053c5308b18b9202c6133b9c85c72b611760
SHA256 e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1
SHA512 9860c5bc63097c3cbfd52eb26528750eb7925488218781c55cb4244fe4a426c5c05c193b16a5ac2624dd708cfe2265d84ef864e47a3fa1c9682139b5e011da73

The dropped file's SHA256 is the same as the submitted sample's, so the sample copies itself unchanged from %TEMP% into %LOCALAPPDATA% and runs the copy (see Processes and the "Executes dropped EXE" signature).

Memory dumps, PID 2256:
memory/2256-75-0x00000000001B0000-0x00000000002B0000-memory.dmp
memory/2256-78-0x00000000007F0000-0x0000000000828000-memory.dmp
memory/2256-80-0x0000000000830000-0x000000000085A000-memory.dmp
memory/2256-86-0x00000000001B0000-0x00000000002B0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2023-08-10 11:50
Reported: 2023-08-10 11:53
Platform: win10v2004-20230703-en
Max time kernel: 127s
Max time network: 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe"

Signatures

FatalRat
Tags: infostealer rat fatalrat

Fatal Rat payload
Tags: rat infostealer

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
(two matches recorded, with no description, indicator, process or target)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A
(the report records 64 identical events, all from C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe, with no indicator or target)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe

"C:\Users\Admin\AppData\Local\Temp\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe"

C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe

"C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
MU 156.236.70.181:16553 - tcp
US 8.8.8.8:53 254.158.241.8.in-addr.arpa udp
US 8.8.8.8:53 181.70.236.156.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
MU 156.236.70.181:16553 - tcp
MU 156.236.70.181:5858 - tcp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

The TCP connections again go only to 156.236.70.181 (ports 16553 and 5858). The UDP rows are reverse-DNS (PTR) queries to 8.8.8.8; 181.70.236.156.in-addr.arpa is the reverse name of 156.236.70.181, the host contacted over TCP.

Files

Memory dumps, PID 1900:
memory/1900-134-0x0000000001540000-0x0000000001640000-memory.dmp
memory/1900-136-0x0000000010000000-0x0000000010031000-memory.dmp
memory/1900-135-0x00000000031F0000-0x00000000031F1000-memory.dmp
memory/1900-137-0x0000000000400000-0x0000000000438000-memory.dmp
memory/1900-140-0x0000000003B80000-0x0000000003BAA000-memory.dmp

Dropped file (recorded three times in the report, with identical hashes each time):
C:\Users\Admin\AppData\Local\e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1.exe
MD5 a341b3a7990a811f0666bc0bedefb1dd
SHA1 647b053c5308b18b9202c6133b9c85c72b611760
SHA256 e09a30a80a3dfc9ec7357358a61227815ef7cc3ae2bd07f7587cec0dc52d8ab1
SHA512 9860c5bc63097c3cbfd52eb26528750eb7925488218781c55cb4244fe4a426c5c05c193b16a5ac2624dd708cfe2265d84ef864e47a3fa1c9682139b5e011da73

As in behavioral1, the dropped file's SHA256 equals the submitted sample's: the sample writes an unchanged copy of itself to %LOCALAPPDATA% and executes it.

Memory dumps, PID 4916:
memory/4916-158-0x0000000001060000-0x0000000001160000-memory.dmp
memory/4916-160-0x0000000003500000-0x0000000003538000-memory.dmp
memory/4916-163-0x0000000002B80000-0x0000000002BAA000-memory.dmp
memory/4916-168-0x0000000001060000-0x0000000001160000-memory.dmp