General
-
Target
cd9d2ef442418e6a62d0a887e5f970301a48a52e4ec65e26cb31efbee14c8c36
-
Size
3.1MB
-
Sample
201111-wmnlq64pvs
-
MD5
63a4fa287d067ff9083c6d2bf5735016
-
SHA1
0e1ca1394559574751ba43f377aeea877ae4705c
-
SHA256
cd9d2ef442418e6a62d0a887e5f970301a48a52e4ec65e26cb31efbee14c8c36
-
SHA512
424e2a60e704b983a4bef4a5c275c1133bbc2fd0b8d1b1b971dd79b74083878a6a8319816fc94d00f2c46e3abbaf7e4a4dd0e7599f6bdd80322f3d8a1f8a2121
Static task
static1
Behavioral task
behavioral1
Sample
cd9d2ef442418e6a62d0a887e5f970301a48a52e4ec65e26cb31efbee14c8c36.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
cd9d2ef442418e6a62d0a887e5f970301a48a52e4ec65e26cb31efbee14c8c36.exe
Resource
win10v20201028
Malware Config
Targets
-
Target
cd9d2ef442418e6a62d0a887e5f970301a48a52e4ec65e26cb31efbee14c8c36
Score
9/10
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Modifies RDP port number used by Windows
-
Possible privilege escalation attempt
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-