Analysis
-
max time kernel
149s -
max time network
118s -
platform
windows7_x64 -
resource
win7-en-20211104 -
submitted
13-11-2021 19:03
General
-
Target
Server.exe
-
Size
106KB
-
MD5
ca93954e9f0369fe2ca7c043d68fa408
-
SHA1
60e0267f20a1c4956d911c8a95d6c65efa7a0649
-
SHA256
8d15eaeaa5c40aca8b91859c86d958a61cfbd410e2cd29bac0a95eef3dc8e091
-
SHA512
94eaa776e800d5fd3d845b57db58c546ea175f949f736bfe6989ec7becc80838745236e521d2cbce1b2a6c9d6753aa2090f0af32246b04cafede28cb68357f2d
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Server.exe" "Server.exe" ENABLE2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/932-57-0x0000000000000000-mapping.dmp
-
memory/1540-55-0x0000000075731000-0x0000000075733000-memory.dmpFilesize
8KB
-
memory/1540-56-0x0000000000B60000-0x0000000000B61000-memory.dmpFilesize
4KB