62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5

General

Target

62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
Size

1.0MB
MD5

699903a49141a073a22b16c3da6207d0
SHA1

084748c6df44572f1e99b91f5fbb23d409235634
SHA256

62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5
SHA512

06ced7a5965e5310b8a5fccc1dbbc080d4d69f4fd066eb9a949c5a84258831154eb90ff53cce95185b081688ac09202ddb80506ddb35292d77660fc1fb9506b2
SSDEEP

12288:KGKhkZ5gQ6rESOfMKTpTuwY1Et8sZHnFgEOeCRhUG5Kx:K/K/gQEaM8pTuwY1EGSlgEOeCAGi

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2084	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	28
PID 1916 wrote to memory of 2084	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	28
PID 1916 wrote to memory of 2084	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	28
PID 1916 wrote to memory of 2084	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	28
PID 1916 wrote to memory of 2252	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	29
PID 1916 wrote to memory of 2252	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	29
PID 1916 wrote to memory of 2252	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	29
PID 1916 wrote to memory of 2252	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	29
PID 1916 wrote to memory of 2264	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	30
PID 1916 wrote to memory of 2264	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	30
PID 1916 wrote to memory of 2264	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	30
PID 1916 wrote to memory of 2264	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	30
PID 1916 wrote to memory of 3000	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	31
PID 1916 wrote to memory of 3000	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	31
PID 1916 wrote to memory of 3000	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	31
PID 1916 wrote to memory of 3000	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	31
PID 1916 wrote to memory of 2552	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	32
PID 1916 wrote to memory of 2552	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	32
PID 1916 wrote to memory of 2552	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	32
PID 1916 wrote to memory of 2552	1916	62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe	32

C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
"C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
  "C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe"
  2⤵
  PID:2084
- C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
  "C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe"
  2⤵
  PID:2252
- C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
  "C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe"
  2⤵
  PID:2264
- C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
  "C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe"
  2⤵
  PID:3000
- C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe
  "C:\Users\Admin\AppData\Local\Temp\62aa587a79fc01b534bc78f2fd609434841c9933056ff90a985883f1b02be5a5.exe"
  2⤵
  PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1916-0-0x0000000000380000-0x0000000000490000-memory.dmp

Filesize
1.1MB

Download
memory/1916-1-0x00000000748C0000-0x0000000074FAE000-memory.dmp

Filesize
6.9MB

Download
memory/1916-2-0x00000000050E0000-0x0000000005120000-memory.dmp

Filesize
256KB

Download
memory/1916-3-0x0000000000890000-0x00000000008AA000-memory.dmp

Filesize
104KB

Download
memory/1916-4-0x00000000008B0000-0x00000000008B8000-memory.dmp

Filesize
32KB

Download
memory/1916-5-0x00000000008C0000-0x00000000008CA000-memory.dmp

Filesize
40KB

Download
memory/1916-6-0x0000000005C60000-0x0000000005CDC000-memory.dmp

Filesize
496KB

Download
memory/1916-7-0x00000000748C0000-0x0000000074FAE000-memory.dmp

Filesize
6.9MB

Download
memory/1916-8-0x00000000050E0000-0x0000000005120000-memory.dmp

Filesize
256KB

Download
memory/1916-9-0x00000000748C0000-0x0000000074FAE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads