Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
22-09-2021 14:04
General
-
Target
e741074fedb4ec508e304ecb834d78aa.exe
-
Size
37KB
-
MD5
e741074fedb4ec508e304ecb834d78aa
-
SHA1
2189c0ffa7ba0d2c64dd9dea2b00b967f4de2d93
-
SHA256
fdd90c147010114bf0d334c72cfba5a164c26b1f8fdd1e04271901f1152765dc
-
SHA512
33a862402852c7604ade1b028a229d0915e8e096e80a97b7149aea85bfb33e13653e21bd2f476a09646186a31bb42acd2f990e701397ca786641c9c4d9539f53
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e741074fedb4ec508e304ecb834d78aa.exe"C:\Users\Admin\AppData\Local\Temp\e741074fedb4ec508e304ecb834d78aa.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\e741074fedb4ec508e304ecb834d78aa.exe" "e741074fedb4ec508e304ecb834d78aa.exe" ENABLE2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2384-115-0x0000000002A60000-0x0000000002A61000-memory.dmpFilesize
4KB
-
memory/2644-116-0x0000000000000000-mapping.dmp