Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
19-04-2021 05:51
General
-
Target
b2ebdf85608402d4210c9ecbab49002f.exe
-
Size
37KB
-
MD5
b2ebdf85608402d4210c9ecbab49002f
-
SHA1
8672edb24a4a7c0e82a2566b720f4ee347ddf476
-
SHA256
ee56f404e806f2c7c4a261236ae00dcd73461e84748f3d6d229a15ca555d4583
-
SHA512
0e86a80059ac9dc69b456bf4574f50cc73a45a3c54bf268453b38a0be0c224beed785250a32fb3d92bca1e6763750ac77eba9a139f09f7c206368358a3814496
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Drops startup file 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b2ebdf85608402d4210c9ecbab49002f.exe"C:\Users\Admin\AppData\Local\Temp\b2ebdf85608402d4210c9ecbab49002f.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\b2ebdf85608402d4210c9ecbab49002f.exe" "b2ebdf85608402d4210c9ecbab49002f.exe" ENABLE2⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2624-115-0x0000000000000000-mapping.dmp
-
memory/4000-114-0x0000000002B80000-0x0000000002B81000-memory.dmpFilesize
4KB