54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da

General

Target

54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
Size

1.1MB
MD5

39f497b2105f95ecb36ea2915c63e5d1
SHA1

46d0194da9cbc26bb284e4d0fd75a27e9de7c02f
SHA256

54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da
SHA512

b1430b63be3e83b32473490da06da95ca562b914eead736a7b108b97ef160d08a37ec67a0d2006e2a31f88c6e5613ad7ebe88eddc48a4c78907554c15577b584
SSDEEP

24576:401tD/F2k78gfdqpcorMhs0YdWdfIHdsu:dngk78gtoYsTEGHu

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe

pid	process
1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe

description pid process

Token: SeDebugPrivilege 1884 54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe

description	pid	process
Token: SeDebugPrivilege	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe

C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
"C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1884

C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
"C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe"
2⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
"C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe"
2⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
"C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe"
2⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
"C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe"
2⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
"C:\Users\Admin\AppData\Local\Temp\54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe"
2⤵
PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-0-0x0000000000320000-0x0000000000448000-memory.dmp

Filesize
1.2MB

Download
memory/1884-1-0x00000000743F0000-0x0000000074ADE000-memory.dmp

Filesize
6.9MB

Download
memory/1884-2-0x0000000002280000-0x00000000022C0000-memory.dmp

Filesize
256KB

Download
memory/1884-3-0x0000000000BA0000-0x0000000000BB8000-memory.dmp

Filesize
96KB

Download
memory/1884-4-0x0000000000A90000-0x0000000000A96000-memory.dmp

Filesize
24KB

Download
memory/1884-5-0x0000000000C10000-0x0000000000C1A000-memory.dmp

Filesize
40KB

Download
memory/1884-6-0x0000000000270000-0x00000000002EC000-memory.dmp

Filesize
496KB

Download
memory/1884-7-0x00000000743F0000-0x0000000074ADE000-memory.dmp

Filesize
6.9MB

Download
memory/1884-8-0x0000000002280000-0x00000000022C0000-memory.dmp

Filesize
256KB

Download
memory/1884-9-0x00000000743F0000-0x0000000074ADE000-memory.dmp

Filesize
6.9MB

Download

description	pid	process	target process
PID 1884 wrote to memory of 2840	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2840	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2840	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2840	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2852	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2852	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2852	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2852	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2848	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2848	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2848	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2848	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2824	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2824	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2824	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2824	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2732	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2732	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2732	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe
PID 1884 wrote to memory of 2732	1884	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe	54ce95d725c09dd032c5ded51dc6e2a6640cfeafced81b587c61c9fe14d2a7da.exe

Analysis

Sharing