060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83

General

Target

060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
Size

762KB
MD5

0f49bb0c2a604fa78ec0bd36b0a7f364
SHA1

5753b5b6e57c521670d901f441f8e2c65292542e
SHA256

060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83
SHA512

0e4e689afdd64e160293ad7d3e26871e20bb53b65e5c3276ba52b325ea9e616019bfda1e0c9fa6342beeb4fe6896ff4b44be4ca8a2c26acc7ca7b0bb2fc95180
SSDEEP

12288:M3qyJMrv295xzbgiPZ1xRllixBcyFDBdH7X+yz3dP7r9r/+ppppppppppppppppF:M6OmvzAUDBt7XvLd1q

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2288	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	28
PID 2368 wrote to memory of 2288	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	28
PID 2368 wrote to memory of 2288	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	28
PID 2368 wrote to memory of 2288	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	28
PID 2368 wrote to memory of 1620	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	29
PID 2368 wrote to memory of 1620	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	29
PID 2368 wrote to memory of 1620	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	29
PID 2368 wrote to memory of 1620	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	29
PID 2368 wrote to memory of 2704	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	30
PID 2368 wrote to memory of 2704	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	30
PID 2368 wrote to memory of 2704	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	30
PID 2368 wrote to memory of 2704	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	30
PID 2368 wrote to memory of 2708	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	31
PID 2368 wrote to memory of 2708	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	31
PID 2368 wrote to memory of 2708	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	31
PID 2368 wrote to memory of 2708	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	31
PID 2368 wrote to memory of 2736	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	32
PID 2368 wrote to memory of 2736	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	32
PID 2368 wrote to memory of 2736	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	32
PID 2368 wrote to memory of 2736	2368	060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe	32

C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
"C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
  "C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe"
  2⤵
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
  "C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe"
  2⤵
  PID:1620
- C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
  "C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe"
  2⤵
  PID:2704
- C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
  "C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe"
  2⤵
  PID:2708
- C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
  "C:\Users\Admin\AppData\Local\Temp\060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe"
  2⤵
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-0-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

Filesize
4KB

Download
memory/2368-1-0x0000000000360000-0x0000000000424000-memory.dmp

Filesize
784KB

Download
memory/2368-2-0x0000000074A00000-0x00000000750EE000-memory.dmp

Filesize
6.9MB

Download
memory/2368-3-0x0000000000240000-0x0000000000256000-memory.dmp

Filesize
88KB

Download
memory/2368-4-0x0000000000680000-0x000000000068E000-memory.dmp

Filesize
56KB

Download
memory/2368-5-0x0000000000690000-0x00000000006A0000-memory.dmp

Filesize
64KB

Download
memory/2368-6-0x00000000009B0000-0x0000000000A12000-memory.dmp

Filesize
392KB

Download
memory/2368-7-0x0000000074A00000-0x00000000750EE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads