9f64df73b619cd708696983b9eb2dea834a4e6bf62128e28adb4d8d7b2f8143f

General

Target

4b6d021cb11a5e8abb0ab28e1ae0f711.exe
Size

629KB
MD5

4b6d021cb11a5e8abb0ab28e1ae0f711
SHA1

337e975f7d0f214da025e0b7d5b749dbbfcb5756
SHA256

9f64df73b619cd708696983b9eb2dea834a4e6bf62128e28adb4d8d7b2f8143f
SHA512

99a48435584de988a007e89d2f08fa662fce19cec8971aa320571b4a61f0632177c080a7e1ce5dc4114294e95cf2a396c79429307229842d9946e05ebd19f4e3
SSDEEP

12288:uqqv9wHM7iS/d348mtr1jCrS3yrm1pJp/P14F:u7wHPS/d3O5uSNhN4F

Score

9^/10

Malware Config

Signatures

CustAttr .NET packer 1 IoCs

Detects CustAttr .NET packer in memory.

Processes:

resource	yara_rule
behavioral1/memory/2124-3-0x0000000000340000-0x0000000000352000-memory.dmp	CustAttr

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

4b6d021cb11a5e8abb0ab28e1ae0f711.exe

pid	process
2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

4b6d021cb11a5e8abb0ab28e1ae0f711.exe

description pid process

Token: SeDebugPrivilege 2124 4b6d021cb11a5e8abb0ab28e1ae0f711.exe

description	pid	process
Token: SeDebugPrivilege	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

4b6d021cb11a5e8abb0ab28e1ae0f711.exe

C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe
"C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2124

C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe
"C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe"
2⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe
"C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe"
2⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe
"C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe"
2⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe
"C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe"
2⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe
"C:\Users\Admin\AppData\Local\Temp\4b6d021cb11a5e8abb0ab28e1ae0f711.exe"
2⤵
PID:2840

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2124-0-0x0000000000140000-0x00000000001E2000-memory.dmp

Filesize
648KB

Download
memory/2124-1-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/2124-2-0x00000000006A0000-0x00000000006E0000-memory.dmp

Filesize
256KB

Download
memory/2124-3-0x0000000000340000-0x0000000000352000-memory.dmp

Filesize
72KB

Download
memory/2124-4-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/2124-5-0x00000000006A0000-0x00000000006E0000-memory.dmp

Filesize
256KB

Download
memory/2124-6-0x0000000005240000-0x00000000052B6000-memory.dmp

Filesize
472KB

Download
memory/2124-7-0x0000000000600000-0x0000000000630000-memory.dmp

Filesize
192KB

Download
memory/2124-8-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download

description	pid	process	target process
PID 2124 wrote to memory of 2592	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2592	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2592	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2592	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2708	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2708	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2708	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2708	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2468	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2468	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2468	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2468	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2656	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2656	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2656	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2656	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2840	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2840	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2840	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe
PID 2124 wrote to memory of 2840	2124	4b6d021cb11a5e8abb0ab28e1ae0f711.exe	4b6d021cb11a5e8abb0ab28e1ae0f711.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads