ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125

General

Target

ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
Size

2.7MB
MD5

f587289716b20ef3cf063401485a7739
SHA1

2d3d62e2897ef08191acad2e542cade10c5fe80a
SHA256

ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125
SHA512

39ebcbdc0e7df829d9b6661b75df85946a22b17ec66ab35f069be54f19b93979f5508dccf2f28d66a43951f5c24ac66eed0a7c50319243da08505a159539c036
SSDEEP

24576:Te021kbRDm43/F7XyNLeu5MjUpetNzO2wpg+J/5zNz/HCkjqgMo4+NXcFtFixj8d:Tj2q/ZK9MUpeX6t/bhj6SOixNG

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs

pid	Process
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 43 IoCs

pid	Process
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
Token: SeDebugPrivilege	1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
Token: SeDebugPrivilege	1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
Token: SeDebugPrivilege	1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
1520	ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe

C:\Users\Admin\AppData\Local\Temp\ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe
"C:\Users\Admin\AppData\Local\Temp\ab24aef3ac0ab48b8e9b774d471e7dd69baac86feddb450917d6590565002125.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-0-0x0000000000400000-0x00000000006B3000-memory.dmp

Filesize
2.7MB

Download
memory/1520-1-0x0000000076870000-0x00000000768B7000-memory.dmp

Filesize
284KB

Download
memory/1520-503-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-504-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-506-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-510-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-512-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-516-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-514-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-508-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-518-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-526-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-538-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-552-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-520-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-524-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-536-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-564-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-562-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-560-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-558-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-556-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-554-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-550-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-548-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-546-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-544-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-542-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-540-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-534-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-532-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-530-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-528-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-522-0x0000000002590000-0x00000000026A1000-memory.dmp

Filesize
1.1MB

Download
memory/1520-7779-0x0000000000400000-0x00000000006B3000-memory.dmp

Filesize
2.7MB

Download

Analysis

Sharing