c0ea651792b542e8351013eab9d1458998d9c780f8f6c2bd9012d987d6c88046

General

Target

0d272611f260b36b2941118305c484ae.exe
Size

3.9MB
MD5

0d272611f260b36b2941118305c484ae
SHA1

a6c000869df8194c41f4db08e237d7838de26f28
SHA256

c0ea651792b542e8351013eab9d1458998d9c780f8f6c2bd9012d987d6c88046
SHA512

02fab02e03a90bcc91fe88e56c66ab34270b9161479254f4eaa50ad6c0488a71fd200705c0f5d8658d1d97807cc99eea579ff14d5e209165ab8b701d5593164e
SSDEEP

98304:YOd7fTYG3193fJLBl2sMqi+ClAFNy58MXbMxB:5pX93xLxxi+xFNy5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4536	0d272611f260b36b2941118305c484ae.exe
4536	0d272611f260b36b2941118305c484ae.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4536	0d272611f260b36b2941118305c484ae.exe

C:\Users\Admin\AppData\Local\Temp\0d272611f260b36b2941118305c484ae.exe
"C:\Users\Admin\AppData\Local\Temp\0d272611f260b36b2941118305c484ae.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4536
- C:\Users\Admin\AppData\Local\Temp\AutoUpdateSign.exe
  "C:\Users\Admin\AppData\Local\Temp\AutoUpdateSign.exe" FPT.SIGN
  2⤵
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\FPT.SIGN.exe
    "C:\Users\Admin\AppData\Local\Temp\FPT.SIGN.exe"
    3⤵
    PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" times.ttf "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" WindowsBase.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" MetroFramework.Fonts.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" MetroFramework.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" MetroFramework.Design.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" itextsharp.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" C1.Win.C1Input.2.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" C1.Win.C1Command.2.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" C1.Win.2.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" Interop.IWshRuntimeLibrary.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys
      C:\Users\Admin\AppData\Local\Temp\$Temp\extractor.sys e -ep "C:\Users\Admin\AppData\Local\Temp\DLL.rar" BaoPQAP.dll "C:\Users\Admin\AppData\Local\Temp" /o+
      4⤵
      PID:4340
  - - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 2640
      4⤵
      PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/956-84-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2412-68-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2616-76-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3008-23-0x0000000000F60000-0x0000000000F70000-memory.dmp

Filesize
64KB

Download
memory/3008-31-0x0000000075520000-0x0000000075AD1000-memory.dmp

Filesize
5.7MB

Download
memory/3008-22-0x0000000075520000-0x0000000075AD1000-memory.dmp

Filesize
5.7MB

Download
memory/3008-24-0x0000000075520000-0x0000000075AD1000-memory.dmp

Filesize
5.7MB

Download
memory/3400-60-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/3520-30-0x00007FFE986D0000-0x00007FFE99071000-memory.dmp

Filesize
9.6MB

Download
memory/3520-108-0x00007FFE986D0000-0x00007FFE99071000-memory.dmp

Filesize
9.6MB

Download
memory/3520-101-0x000000001D220000-0x000000001D22C000-memory.dmp

Filesize
48KB

Download
memory/3520-98-0x000000001C330000-0x000000001C340000-memory.dmp

Filesize
64KB

Download
memory/3520-88-0x000000001FFD0000-0x0000000020142000-memory.dmp

Filesize
1.4MB

Download
memory/3520-32-0x0000000001090000-0x00000000010A0000-memory.dmp

Filesize
64KB

Download
memory/3520-33-0x00007FFE986D0000-0x00007FFE99071000-memory.dmp

Filesize
9.6MB

Download
memory/3520-86-0x000000001D1C0000-0x000000001D21C000-memory.dmp

Filesize
368KB

Download
memory/3520-34-0x0000000001090000-0x00000000010A0000-memory.dmp

Filesize
64KB

Download
memory/3992-80-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4340-44-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4388-56-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4480-72-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4484-64-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4536-2-0x000000001C4D0000-0x000000001C99E000-memory.dmp

Filesize
4.8MB

Download
memory/4536-4-0x00007FFE99060000-0x00007FFE99A01000-memory.dmp

Filesize
9.6MB

Download
memory/4536-5-0x000000001CAF0000-0x000000001CB8C000-memory.dmp

Filesize
624KB

Download
memory/4536-6-0x0000000001BB0000-0x0000000001BB8000-memory.dmp

Filesize
32KB

Download
memory/4536-3-0x000000001C9A0000-0x000000001CA46000-memory.dmp

Filesize
664KB

Download
memory/4536-1-0x0000000001BC0000-0x0000000001BD0000-memory.dmp

Filesize
64KB

Download
memory/4536-8-0x000000001F220000-0x000000001F52E000-memory.dmp

Filesize
3.1MB

Download
memory/4536-26-0x00007FFE99060000-0x00007FFE99A01000-memory.dmp

Filesize
9.6MB

Download
memory/4536-0-0x00007FFE99060000-0x00007FFE99A01000-memory.dmp

Filesize
9.6MB

Download
memory/4536-7-0x0000000001BC0000-0x0000000001BD0000-memory.dmp

Filesize
64KB

Download
memory/4752-52-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/4948-48-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads