Analysis
-
max time kernel
64s -
max time network
11s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
18-01-2021 09:03
General
-
Target
new po.exe
-
Size
3.7MB
-
MD5
db7c5591589c1bc7be457ad87d8fff0e
-
SHA1
065fbdf5b64cc5c9cf4f983f229a89d7252f62a6
-
SHA256
3da8fa82f62835bcf35377d5376e002aeccff9228bd65650bbb95a6a222808af
-
SHA512
17d5604178dc9789e107a17d07cc43132676d51ff29205f802f59a2b2c0d09dc72b87099be6d2ec1975999ee5ff88ffda9d168d44ad429745999a42e3758d2dc
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
-
System policy modification 1 TTPs 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\new po.exe"C:\Users\Admin\AppData\Local\Temp\new po.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\new po.exe"{path}"2⤵
- Checks whether UAC is enabled
- System policy modification
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/292-2-0x00000000748A0000-0x0000000074F8E000-memory.dmpFilesize
6.9MB
-
memory/292-3-0x0000000001000000-0x0000000001001000-memory.dmpFilesize
4KB
-
memory/292-5-0x0000000005130000-0x0000000005131000-memory.dmpFilesize
4KB
-
memory/292-6-0x00000000004F0000-0x00000000004FE000-memory.dmpFilesize
56KB
-
memory/292-7-0x0000000009C00000-0x0000000009F99000-memory.dmpFilesize
3.6MB
-
memory/1740-8-0x0000000000400000-0x00000000007B5000-memory.dmpFilesize
3.7MB
-
memory/1740-9-0x0000000000688844-mapping.dmp
-
memory/1740-10-0x0000000076861000-0x0000000076863000-memory.dmpFilesize
8KB
-
memory/1740-11-0x0000000000400000-0x00000000007B5000-memory.dmpFilesize
3.7MB
-
memory/1740-12-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB