Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20220331-en -
submitted
09-04-2022 07:34
General
-
Target
b16fbd7f2bcb427d3473efce2bc72f3e.exe
-
Size
32KB
-
MD5
b16fbd7f2bcb427d3473efce2bc72f3e
-
SHA1
e294c3914f0d5d07d869faad19809df322f0b589
-
SHA256
b63198762408d6beff97af4132f085b3429e41bf7c00d7819e7361a7e987d3fa
-
SHA512
26abd5ca8ad85f3a8e390dbc35e0b086c87fd872d22769f643fe49147b9691ca84fd367e9566c976aefd2d93f1e1249634015685b1f2951dc301597de81d1071
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe"C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe" "b16fbd7f2bcb427d3473efce2bc72f3e.exe" ENABLE2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1500-54-0x00000000754A1000-0x00000000754A3000-memory.dmpFilesize
8KB
-
memory/1500-55-0x0000000074A30000-0x0000000074FDB000-memory.dmpFilesize
5.7MB
-
memory/1608-56-0x0000000000000000-mapping.dmp