Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
27-12-2021 00:26
General
-
Target
a8dc753c688c6575161f62092cd2007d.exe
-
Size
37KB
-
MD5
a8dc753c688c6575161f62092cd2007d
-
SHA1
c1edb2b7b8aadddca630085dc8e2ba4d0392ee53
-
SHA256
dbc86d106d7e6993024eca3c621bd7dd84ea578903fd11a62ed3af896ef78470
-
SHA512
84da0b51aecf8743839f6dceafcdadc1491cb84b7949862c0b079a3f98c8c6d983bc15e045e48476b05f3c05abf149e921faccdbbdb56f406f2d3223ab9f66ea
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a8dc753c688c6575161f62092cd2007d.exe"C:\Users\Admin\AppData\Local\Temp\a8dc753c688c6575161f62092cd2007d.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\a8dc753c688c6575161f62092cd2007d.exe" "a8dc753c688c6575161f62092cd2007d.exe" ENABLE2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/336-57-0x0000000000000000-mapping.dmp
-
memory/1940-55-0x00000000760F1000-0x00000000760F3000-memory.dmpFilesize
8KB
-
memory/1940-56-0x00000000022F0000-0x00000000022F1000-memory.dmpFilesize
4KB