Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
10-12-2021 23:08
General
-
Target
ad6d18c89eef983fc9f430c196126c8d.exe
-
Size
37KB
-
MD5
ad6d18c89eef983fc9f430c196126c8d
-
SHA1
afb1de83bc99267054f39829d9a43974b9e40a20
-
SHA256
c54173049678a8818d2857d63c4b671ffe1652c74280ede9f210f542881e0287
-
SHA512
3bee79110ff9394828d4505648c0895f3fa2986e633da418532937cfb0160e30b99f163f3ca1895b0765f61bafd9d1969eec78c0f50aa29d04ae731dde5ea92e
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ad6d18c89eef983fc9f430c196126c8d.exe"C:\Users\Admin\AppData\Local\Temp\ad6d18c89eef983fc9f430c196126c8d.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\ad6d18c89eef983fc9f430c196126c8d.exe" "ad6d18c89eef983fc9f430c196126c8d.exe" ENABLE2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1828-116-0x0000000000000000-mapping.dmp
-
memory/3264-115-0x0000000002AA0000-0x0000000002AA1000-memory.dmpFilesize
4KB