Analysis
-
max time kernel
151s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
22-01-2022 14:11
General
-
Target
aecee89ac383e028e843f29aebbb191d.exe
-
Size
37KB
-
MD5
aecee89ac383e028e843f29aebbb191d
-
SHA1
fb228c1a12415c6f301a76774c28ac602dafde44
-
SHA256
fc4fc64aa60cab72de617368e5dfdd772f99f7b2881947193e36f0adc169776a
-
SHA512
2f4b80fdf6aefa1b6ee10edcebc48dce8ec26c85eaf226a67c7d32295a8964a648b855e9d5a03d7a42681cb65175499abb911e8ba001651d56f0e5b420c6aed2
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Drops startup file 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aecee89ac383e028e843f29aebbb191d.exe"C:\Users\Admin\AppData\Local\Temp\aecee89ac383e028e843f29aebbb191d.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\aecee89ac383e028e843f29aebbb191d.exe" "aecee89ac383e028e843f29aebbb191d.exe" ENABLE2⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB