80bc6ec383ee353b77daa76a69f787507946c66f49bc6531b9d9dce1262c4e06

General

Target

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
Size

1.5MB
MD5

6866f4e7450d085b19ad1aa9adaca819
SHA1

4afc3a0de610f45dbf8eb83da2a16052c2a81b01
SHA256

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e
SHA512

4d35943770423afe92784836a0aeb2d69c6d929d6208b2d3bd5dd347f54a58e4bcc2e074fc8a930d0d6fbddc3dc4082b362aced683d81966ed488e22d7b9c7c8
SSDEEP

24576:NQIsq2Q2GOAO4fCCy7gtsICmEly/nDBRyqni3xbU4eWxDJ3YsXv6+tH9ZPz1:NQIsq2Q2GOAO4fCZ7YsL8/KqihAsxDJX

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

pid	process
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

description pid process

Token: SeDebugPrivilege 2148 93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

description	pid	process
Token: SeDebugPrivilege	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
"C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2148

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
C:\Users\Admin\AppData\Local\Temp\93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
2⤵
PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-0-0x00000000002E0000-0x000000000045A000-memory.dmp

Filesize
1.5MB

Download
memory/2148-1-0x00000000741D0000-0x00000000748BE000-memory.dmp

Filesize
6.9MB

Download
memory/2148-2-0x00000000007B0000-0x000000000082A000-memory.dmp

Filesize
488KB

Download
memory/2148-3-0x0000000004B80000-0x0000000004BC0000-memory.dmp

Filesize
256KB

Download
memory/2148-4-0x0000000000730000-0x0000000000790000-memory.dmp

Filesize
384KB

Download
memory/2148-5-0x0000000002120000-0x0000000002180000-memory.dmp

Filesize
384KB

Download
memory/2148-6-0x0000000000880000-0x00000000008CC000-memory.dmp

Filesize
304KB

Download
memory/2148-7-0x00000000741D0000-0x00000000748BE000-memory.dmp

Filesize
6.9MB

Download

description	pid	process	target process
PID 2148 wrote to memory of 1884	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 1884	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 1884	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 1884	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2892	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2892	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2892	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2892	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2312	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2312	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2312	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2312	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2392	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2392	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2392	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2392	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2108	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2108	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2108	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2108	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2424	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2424	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2424	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2424	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2356	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2356	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2356	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2356	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2340	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2340	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2340	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2340	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2680	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2680	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2680	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2680	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2716	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2716	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2716	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe
PID 2148 wrote to memory of 2716	2148	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe	93583dfa872b44e13e449cdfbbe20e64851dbe0e615f30b0313d2cb6a9b2309e.exe

Analysis

Sharing