Malware Analysis Report

2025-03-15 03:55

Sample ID 230915-kgnrcsce22
Target 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12
SHA256 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12
Tags
fatalrat gh0strat infostealer rat upx
score
10/10


Analysis Overview

score
10/10

SHA256

60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12

Threat Level: Known bad

The file 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12 was found to be: Known bad.

Malicious Activity Summary

fatalrat gh0strat infostealer rat upx

FatalRat

Gh0st RAT payload

Gh0strat

Fatal Rat payload

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

UPX packed file

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Enterprise Matrix V15: no techniques are listed in this report.

Analysis: static1

Detonation Overview

Reported

2023-09-15 08:34

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-15 08:34

Reported

2023-09-15 08:37

Platform

win10v2004-20230915-en

Max time kernel

143s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe"

Signatures

FatalRat

infostealer rat fatalrat

Gh0st RAT payload

Description Indicator Process Target
(4 matches, all fields N/A)

Gh0strat

rat gh0strat

Fatal Rat payload

rat infostealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A

UPX packed file

upx
Description Indicator Process Target
(11 matches, all fields N/A)

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A
(64 identical rows: no description or indicator recorded for any of them)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe

"C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe"

C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe

"C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe"

Network

Country Destination Domain Proto
CN 182.43.76.21:30360 - tcp
US 8.8.8.8:53 21.76.43.182.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
GB 96.16.110.41:443 - tcp
US 192.229.221.95:80 - tcp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
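The reverse-DNS names in the table above are easy to misread: 21.76.43.182.in-addr.arpa is the PTR lookup for 182.43.76.21, the same host the sample holds a TCP session with on port 30360, and that destination is the only one present in both detonations (the Win7 run below records nothing else). The 443 and 80 connections and the other two PTR lookups do not recur in the Win7 run, so attributing them to the sample rather than to background OS traffic would be an assumption. The Python below is an added example, not part of the sandbox output: it transcribes the two Network tables, resolves PTR names back to IPv4 addresses, reports which lookups match a host the sample actually connected to, and lists the destinations common to both runs. Function and variable names are mine.

```python
"""Correlate sandbox network rows: map in-addr.arpa lookups back to the IPs
that were contacted and find destinations common to both detonations.
Added example; the rows are transcribed from the report's Network tables."""
from __future__ import annotations

import ipaddress
from collections import namedtuple

NetRow = namedtuple("NetRow", "country destination domain proto")

# Transcribed from the behavioral2 (win10v2004) Network table.
BEHAVIORAL2 = [
    NetRow("CN", "182.43.76.21:30360", "", "tcp"),
    NetRow("US", "8.8.8.8:53", "21.76.43.182.in-addr.arpa", "udp"),
    NetRow("US", "8.8.8.8:53", "126.178.238.8.in-addr.arpa", "udp"),
    NetRow("GB", "96.16.110.41:443", "", "tcp"),
    NetRow("US", "192.229.221.95:80", "", "tcp"),
    NetRow("US", "8.8.8.8:53", "1.173.189.20.in-addr.arpa", "udp"),
]
# Transcribed from the behavioral1 (win7) Network table.
BEHAVIORAL1 = [
    NetRow("CN", "182.43.76.21:30360", "", "tcp"),
]

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name: str) -> str | None:
    """'21.76.43.182.in-addr.arpa' -> '182.43.76.21'.

    PTR names carry the octets in reverse order. Returns None for anything
    that is not a well-formed IPv4 reverse name (wrong label count, bad octet).
    """
    if not name.endswith(PTR_SUFFIX):
        return None
    labels = name[: -len(PTR_SUFFIX)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def split_dest(destination: str) -> tuple[str, int]:
    """'182.43.76.21:30360' -> ('182.43.76.21', 30360)."""
    host, _, port = destination.rpartition(":")
    return host, int(port)


def correlate(rows: list[NetRow]) -> dict:
    """Separate DNS rows from real connections and join the two.

    Returns the contacted hosts (ip -> {(port, proto)}), every PTR lookup
    resolved to an IP, and the subset of PTR lookups whose IP was contacted.
    DNS server rows themselves are not counted as 'contacted' hosts.
    """
    contacted: dict[str, set[tuple[int, str]]] = {}
    ptr_ips: dict[str, str] = {}
    for r in rows:
        if r.domain.endswith(PTR_SUFFIX):
            resolved = ptr_to_ip(r.domain)
            if resolved:
                ptr_ips[r.domain] = resolved
            continue
        ip, port = split_dest(r.destination)
        contacted.setdefault(ip, set()).add((port, r.proto))
    matched = {name: ip for name, ip in ptr_ips.items() if ip in contacted}
    return {"contacted": contacted, "ptr": ptr_ips, "ptr_matching_contacted": matched}


def common_destinations(*runs: list[NetRow]) -> set[str]:
    """ip:port destinations (excluding DNS lookups) present in every run."""
    sets = [
        {r.destination for r in run if not r.domain.endswith(PTR_SUFFIX)}
        for run in runs
    ]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    result = correlate(BEHAVIORAL2)
    print("contacted:", result["contacted"])
    print("PTR lookups resolved:", result["ptr"])
    print("PTR lookups for contacted hosts:", result["ptr_matching_contacted"])
    print("common to both runs:", common_destinations(BEHAVIORAL2, BEHAVIORAL1))
```

Run it as-is and the only PTR lookup that lines up with a contacted host is the one for 182.43.76.21, which is also the only destination shared by the two runs; the other two PTR names resolve to 8.238.178.126 and 20.189.173.1, neither of which appears as a connection in this report.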

Files

memory/4888-0-0x0000000000400000-0x0000000000427200-memory.dmp

memory/4888-1-0x0000000010000000-0x000000001002B000-memory.dmp

memory/4888-3-0x0000000010000000-0x000000001002B000-memory.dmp

C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe
(listed three times in the original output with identical hashes)

MD5 2eaa973156357628d59acfc550f9f550
SHA1 191afca726c49a5666f2a29ab44b9c3d5c8c6246
SHA256 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12
SHA512 2565e8618e22b93f56ff4b7ac70d5a8517a4ddf606f93cc2b41031aee96756a662d905189f2782d7eaabd60638ff515d82d2cfb3e4802a3c45cd5648d3e2de82

Note: every hash of the dropped file matches the submitted sample, so the "dropped EXE" is a byte-identical copy of the original written from %TEMP% into %LOCALAPPDATA% and then executed (see Executes dropped EXE and Processes above). A hash-based blocklist entry for the sample therefore also covers the copy.

memory/4888-15-0x0000000000400000-0x0000000000427200-memory.dmp

memory/4888-17-0x0000000010000000-0x000000001002B000-memory.dmp

memory/672-20-0x0000000010000000-0x000000001002B000-memory.dmp

memory/672-22-0x0000000000400000-0x0000000000427200-memory.dmp

memory/672-24-0x0000000010000000-0x000000001002B000-memory.dmp
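The signature tables above are a flat list of API-level observations; what makes them worth the verdict is their combination on one process chain: the file written to C:\Users\Admin\AppData\Local\ has the same hashes as the submitted sample and is then executed (a self-copy), both the original and the copy enable SeDebugPrivilege, the original queries Control Panel\International\Geo\Nation and the copy queries CentralProcessor\0\~MHz. The Python below is an added example of turning those observations into detection logic; it is not the sandbox's rule set. The event records, field names and rule weights are constructed here from the behavioral2 run and follow no particular EDR schema; which PID is the original (4888) and which the copy (672) is assumed from the order of the memory dump names above.

```python
"""Score host telemetry of the kind the signature tables above record.
Added example; events are constructed from the behavioral2 run and the
schema (Event fields, rule names, weights) is invented for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
LOCAL = r"C:\Users\Admin\AppData\Local"
NAME = "60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12"
SHA = NAME  # in this report the dropped copy's SHA256 equals the sample's


@dataclass
class Event:
    kind: str                 # "process", "file_write", "registry" or "token"
    pid: int
    image: str                # image path of the acting process
    path: str = ""            # file path, registry path or privilege name
    sha256: str = ""          # hash of the image (process) or written file
    parent_pid: int = 0
    parent_image: str = ""
    parent_sha256: str = ""


# Constructed from the behavioral2 signature, process and file entries.
EVENTS = [
    Event("process", 4888, rf"{TEMP}\{NAME}.exe", sha256=SHA),
    Event("registry", 4888, rf"{TEMP}\{NAME}.exe",
          path=r"HKCU\Control Panel\International\Geo\Nation"),
    Event("token", 4888, rf"{TEMP}\{NAME}.exe", path="SeDebugPrivilege"),
    Event("file_write", 4888, rf"{TEMP}\{NAME}.exe",
          path=rf"{LOCAL}\{NAME}.exe", sha256=SHA),
    Event("process", 672, rf"{LOCAL}\{NAME}.exe", sha256=SHA,
          parent_pid=4888, parent_image=rf"{TEMP}\{NAME}.exe", parent_sha256=SHA),
    Event("token", 672, rf"{LOCAL}\{NAME}.exe", path="SeDebugPrivilege"),
    Event("registry", 672, rf"{LOCAL}\{NAME}.exe",
          path=r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz"),
]

# Anything under a per-user AppData tree is writable by the user; legitimate
# software asking for SeDebugPrivilege from there is rare.
APPDATA = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)

# Rule weights are illustrative, not calibrated.
RULES = {
    "self_copy_execution": 5,   # child image differs from parent, hash is identical
    "sedebug_from_appdata": 3,  # SeDebugPrivilege from a user-writable location
    "locale_check": 1,          # Geo\Nation lookup: region gating
    "cpu_speed_check": 1,       # ~MHz lookup: VM/sandbox fingerprinting
}


def analyze(events: list[Event]) -> dict[int, set[str]]:
    """Return {pid: set(rule names)} for every rule that fires."""
    findings: dict[int, set[str]] = {}

    def hit(pid: int, rule: str) -> None:
        findings.setdefault(pid, set()).add(rule)

    for e in events:
        if e.kind == "process":
            if (e.parent_sha256 and e.sha256 == e.parent_sha256
                    and e.image.lower() != e.parent_image.lower()):
                hit(e.pid, "self_copy_execution")
        elif e.kind == "token":
            if e.path == "SeDebugPrivilege" and APPDATA.match(e.image):
                hit(e.pid, "sedebug_from_appdata")
        elif e.kind == "registry":
            p = e.path.lower()
            if p.endswith(r"\geo\nation"):
                hit(e.pid, "locale_check")
            elif "centralprocessor" in p and p.endswith("~mhz"):
                hit(e.pid, "cpu_speed_check")
    return findings


def score(findings: dict[int, set[str]]) -> int:
    """Sum of rule weights across all processes in the chain."""
    return sum(RULES[r] for rules in findings.values() for r in rules)


if __name__ == "__main__":
    f = analyze(EVENTS)
    for pid, rules in sorted(f.items()):
        print(pid, sorted(rules))
    print("score:", score(f))
```

The self-copy rule is the one that carries weight: it keys on the dropped file's hash being equal to the parent's, which is exactly what the Files entries above show, and it does not depend on the file name the sandbox happened to give the sample. A process running from C:\Windows\System32 that enables SeDebugPrivilege does not trip the AppData rule, which keeps ordinary system tooling out of the score.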

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-15 08:34

Reported

2023-09-15 08:37

Platform

win7-20230831-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe"

Signatures

FatalRat

infostealer rat fatalrat

Gh0st RAT payload

Description Indicator Process Target
(4 matches, all fields N/A)

Gh0strat

rat gh0strat

Fatal Rat payload

rat infostealer
Description Indicator Process Target
(4 matches, all fields N/A)

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A

UPX packed file

upx
Description Indicator Process Target
(14 matches, all fields N/A)

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A
(51 identical rows: no description or indicator recorded for any of them)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe

"C:\Users\Admin\AppData\Local\Temp\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe"

C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe

"C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe"

Network

Country Destination Domain Proto
CN 182.43.76.21:30360 tcp

Files

memory/3012-0-0x0000000000400000-0x0000000000427200-memory.dmp

memory/3012-1-0x0000000010000000-0x000000001002B000-memory.dmp

memory/3012-3-0x0000000010000000-0x000000001002B000-memory.dmp

C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe
(listed twice in the original output with identical hashes)

MD5 2eaa973156357628d59acfc550f9f550
SHA1 191afca726c49a5666f2a29ab44b9c3d5c8c6246
SHA256 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12
SHA512 2565e8618e22b93f56ff4b7ac70d5a8517a4ddf606f93cc2b41031aee96756a662d905189f2782d7eaabd60638ff515d82d2cfb3e4802a3c45cd5648d3e2de82

\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe

MD5 2eaa973156357628d59acfc550f9f550
SHA1 191afca726c49a5666f2a29ab44b9c3d5c8c6246
SHA256 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12
SHA512 2565e8618e22b93f56ff4b7ac70d5a8517a4ddf606f93cc2b41031aee96756a662d905189f2782d7eaabd60638ff515d82d2cfb3e4802a3c45cd5648d3e2de82

memory/3012-17-0x0000000000400000-0x0000000000427200-memory.dmp

memory/3012-16-0x0000000002670000-0x0000000002698000-memory.dmp

\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe

MD5 2eaa973156357628d59acfc550f9f550
SHA1 191afca726c49a5666f2a29ab44b9c3d5c8c6246
SHA256 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12
SHA512 2565e8618e22b93f56ff4b7ac70d5a8517a4ddf606f93cc2b41031aee96756a662d905189f2782d7eaabd60638ff515d82d2cfb3e4802a3c45cd5648d3e2de82

memory/3012-20-0x0000000010000000-0x000000001002B000-memory.dmp

memory/3008-21-0x0000000000400000-0x0000000000427200-memory.dmp

memory/3008-23-0x0000000010000000-0x000000001002B000-memory.dmp

C:\Users\Admin\AppData\Local\60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12.exe

MD5 2eaa973156357628d59acfc550f9f550
SHA1 191afca726c49a5666f2a29ab44b9c3d5c8c6246
SHA256 60bc990b3a74ed7ee10a303e5319e4fc01d2e788fda90b490d31c007de549f12
SHA512 2565e8618e22b93f56ff4b7ac70d5a8517a4ddf606f93cc2b41031aee96756a662d905189f2782d7eaabd60638ff515d82d2cfb3e4802a3c45cd5648d3e2de82

memory/3008-26-0x0000000000400000-0x0000000000427200-memory.dmp

memory/3008-28-0x0000000010000000-0x000000001002B000-memory.dmp