Overview

overview

10

Static

static

b277141c35...d9.exe

windows7_x64

10

b277141c35...d9.exe

windows10_x64

10

Analysis

  • max time kernel
    3s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    24-07-2021 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b277141c357912e3cf76cf2eff36d2d9.exe

  • Size

    2.9MB

  • MD5

    b277141c357912e3cf76cf2eff36d2d9

  • SHA1

    dfee214eec9da65da55ce47f44ccb0ae4751195e

  • SHA256

    f3dda8f48606c448d22a7b407f61757605acc028d3deddd0ad8c1e2742efcf86

  • SHA512

    11aad22541baeeb19f54b306b3719da789287ce5ad2aec9218c2b305b69d4bd8fe794063fab761ce5f90a02ffb506ed9b2431966a2e9aa605647508f5326159b

Score
10/10
evasiontrojan

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 3 IoCs
    evasion
  • UAC bypass 3 TTPs
    evasiontrojan
  • Windows security bypass 2 TTPs
    evasiontrojan
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b277141c357912e3cf76cf2eff36d2d9.exe
    "C:\Users\Admin\AppData\Local\Temp\b277141c357912e3cf76cf2eff36d2d9.exe"
    1⤵
    • Modifies firewall policy service
    • Windows security modification
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/736-60-0x00000000757E1000-0x00000000757E3000-memory.dmp

    Filesize

    8KB

    Download