edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d

General

Target

edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
Size

702KB
MD5

c6f9deba104844b38291fe0f4d0cf437
SHA1

098ea69b71f532aafcde042665dc0949a943726b
SHA256

edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d
SHA512

8f6930aef2ec04c7dba7bee42ea67c071e4004e96881fcd1bfcaaae15a29386031e1a3340738dd32c6f7b42bd415606fec077c87b97b06d1b37ed6b831ae3732
SSDEEP

12288:8W361h61EWGVGtvTWS7sDDwh2r6KpAH9eFU6I/wHCX98vT4O6yWR3EAmD:8bY7GVCpewK6ikMmZHgTuBd

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2696	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	28
PID 2980 wrote to memory of 2696	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	28
PID 2980 wrote to memory of 2696	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	28
PID 2980 wrote to memory of 2696	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	28
PID 2980 wrote to memory of 2700	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	29
PID 2980 wrote to memory of 2700	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	29
PID 2980 wrote to memory of 2700	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	29
PID 2980 wrote to memory of 2700	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	29
PID 2980 wrote to memory of 2732	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	30
PID 2980 wrote to memory of 2732	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	30
PID 2980 wrote to memory of 2732	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	30
PID 2980 wrote to memory of 2732	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	30
PID 2980 wrote to memory of 2736	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	31
PID 2980 wrote to memory of 2736	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	31
PID 2980 wrote to memory of 2736	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	31
PID 2980 wrote to memory of 2736	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	31
PID 2980 wrote to memory of 2684	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	32
PID 2980 wrote to memory of 2684	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	32
PID 2980 wrote to memory of 2684	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	32
PID 2980 wrote to memory of 2684	2980	edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe	32

C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
"C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
  "C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe"
  2⤵
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
  "C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe"
  2⤵
  PID:2700
- C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
  "C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe"
  2⤵
  PID:2732
- C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
  "C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe"
  2⤵
  PID:2736
- C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe
  "C:\Users\Admin\AppData\Local\Temp\edc548d0cb336bfa46b4c11d75dbf8ef444c0272a69ef8911f017d8ba1bd386d.exe"
  2⤵
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-0-0x0000000000380000-0x0000000000436000-memory.dmp

Filesize
728KB

Download
memory/2980-1-0x00000000749C0000-0x00000000750AE000-memory.dmp

Filesize
6.9MB

Download
memory/2980-2-0x0000000005460000-0x00000000054A0000-memory.dmp

Filesize
256KB

Download
memory/2980-3-0x0000000000330000-0x0000000000340000-memory.dmp

Filesize
64KB

Download
memory/2980-4-0x0000000002050000-0x0000000002058000-memory.dmp

Filesize
32KB

Download
memory/2980-5-0x0000000002060000-0x000000000206A000-memory.dmp

Filesize
40KB

Download
memory/2980-6-0x0000000005390000-0x000000000540C000-memory.dmp

Filesize
496KB

Download
memory/2980-7-0x00000000749C0000-0x00000000750AE000-memory.dmp

Filesize
6.9MB

Download
memory/2980-8-0x0000000005460000-0x00000000054A0000-memory.dmp

Filesize
256KB

Download
memory/2980-9-0x00000000749C0000-0x00000000750AE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads