Analysis
max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20220331-en
submitted: 09-04-2022 07:34
Static task: static1
Behavioral task: behavioral1
Sample: b16fbd7f2bcb427d3473efce2bc72f3e.exe
Resource: win7-20220331-en
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: b16fbd7f2bcb427d3473efce2bc72f3e.exe
Resource: win10v2004-20220331-en
0 signatures, 0 seconds
General
Target: b16fbd7f2bcb427d3473efce2bc72f3e.exe
Size: 32KB
MD5: b16fbd7f2bcb427d3473efce2bc72f3e
SHA1: e294c3914f0d5d07d869faad19809df322f0b589
SHA256: b63198762408d6beff97af4132f085b3429e41bf7c00d7819e7361a7e987d3fa
SHA512: 26abd5ca8ad85f3a8e390dbc35e0b086c87fd872d22769f643fe49147b9691ca84fd367e9566c976aefd2d93f1e1249634015685b1f2951dc301597de81d1071
Score: 8/10
Malware Config
Signatures
Modifies Windows Firewall (1 TTP)
Suspicious use of AdjustPrivilegeToken (21 IoCs)
Processes:
description                        pid   process
Token: SeDebugPrivilege            1500  b16fbd7f2bcb427d3473efce2bc72f3e.exe
Token: 33                          1500  b16fbd7f2bcb427d3473efce2bc72f3e.exe
Token: SeIncBasePriorityPrivilege  1500  b16fbd7f2bcb427d3473efce2bc72f3e.exe
(the Token: 33 / Token: SeIncBasePriorityPrivilege pair is logged ten times in total, giving 21 entries)
All 21 adjustments are made by the sample itself (PID 1500). "Token: 33" is a raw privilege value the sandbox did not resolve to a name. SeDebugPrivilege is the entry worth noting: it is the privilege a process needs to open handles to processes it does not own, and a 32KB executable has no legitimate reason to enable it.
Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description                      pid   process                               target process
PID 1500 wrote to memory of 1608 1500  b16fbd7f2bcb427d3473efce2bc72f3e.exe  netsh.exe
(logged four times with identical fields)
All four writes go from the sample (PID 1500) into netsh.exe (PID 1608), the child it spawns in the process tree below. A parent writing into a child it has just created is the normal CreateProcess pattern, so on its own this signature is not evidence of code injection; the firewall change the child performs is the substantive finding.
Processes
1. C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe
   "C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe" "b16fbd7f2bcb427d3473efce2bc72f3e.exe" ENABLE
The child command uses the legacy "netsh firewall" context, which Windows 7 still accepts (with a deprecation notice) in place of "netsh advfirewall firewall". It registers the sample's own path, running from the user's Temp directory, as an allowed program so inbound connections to it are not blocked, the usual preparation for a bind-style backdoor or bot listener (MITRE ATT&CK T1562.004, Disable or Modify System Firewall). netsh.exe is launched from SysWOW64 rather than System32, which shows the sample is a 32-bit executable running on the x64 guest.
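The firewall change in the process tree above is what a detection engineer would want to catch at scale. The following Python is an added example, not part of the sandbox report and not code from the sample. It runs a small classifier over constructed Sysmon-style process-creation records (the field names, and every event except the first, are assumptions; the first reproduces the command line shown above) and flags netsh invocations that add an allow exception or disable the firewall, in both the legacy "netsh firewall" syntax used here and the "netsh advfirewall" syntax, raising severity when the allowed program or the parent process lives in a user-writable directory as in this sample.

```python
import re

# Constructed process-creation events in a Sysmon Event ID 1 style.
# Field names are assumed; only the first event mirrors the report above.
SAMPLE_EVENTS = [
    {   # the exchange visible in the report's process tree
        "pid": 1608,
        "image": r"C:\Windows\SysWOW64\netsh.exe",
        "command_line": r'netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe" "b16fbd7f2bcb427d3473efce2bc72f3e.exe" ENABLE',
        "parent_pid": 1500,
        "parent_image": r"C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe",
    },
    {   # hypothetical: same intent in modern syntax, inbound allow for a Public-dir binary
        "pid": 2211,
        "image": r"C:\Windows\System32\netsh.exe",
        "command_line": r'netsh advfirewall firewall add rule name="svc" dir=in action=allow program="C:\Users\Public\svc.exe" enable=yes',
        "parent_pid": 2200,
        "parent_image": r"C:\Users\Public\svc.exe",
    },
    {   # hypothetical: firewall switched off for every profile
        "pid": 3300,
        "image": r"C:\Windows\System32\netsh.exe",
        "command_line": "netsh advfirewall set allprofiles state off",
        "parent_pid": 3290,
        "parent_image": r"C:\Windows\System32\cmd.exe",
    },
    {   # hypothetical benign: an administrator listing rules, should not fire
        "pid": 4400,
        "image": r"C:\Windows\System32\netsh.exe",
        "command_line": "netsh advfirewall firewall show rule name=all",
        "parent_pid": 4390,
        "parent_image": r"C:\Windows\System32\cmd.exe",
    },
]

# Command-line shapes that weaken the host firewall. Legacy "netsh firewall"
# is deprecated but still accepted, so both contexts must be covered.
FIREWALL_MODIFY_PATTERNS = [
    (r"\bfirewall\s+add\s+allowedprogram\b", "legacy allowedprogram exception"),
    (r"\bfirewall\s+add\s+portopening\b", "legacy port exception"),
    (r"\bfirewall\s+set\s+opmode\b.*\bdisable\b", "legacy firewall disabled"),
    (r"\badvfirewall\s+firewall\s+add\s+rule\b.*\baction=allow\b", "advfirewall allow rule"),
    (r"\badvfirewall\s+set\s+\w+\s+state\s+off\b", "advfirewall profile disabled"),
]

# Directories an unprivileged user can write to; a firewall exception for a
# binary living there, or requested by a parent living there, is the sample's pattern.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(appdata|downloads)|users\\public|programdata|windows\\temp)\\", re.I
)


def extract_program(cmd):
    """Return the program path an allow exception is being created for, if any."""
    m = (re.search(r'allowedprogram\s+"([^"]+)"', cmd, re.I)
         or re.search(r"allowedprogram\s+(\S+)", cmd, re.I))
    if m:
        return m.group(1)
    m = (re.search(r'program="([^"]+)"', cmd, re.I)
         or re.search(r"program=(\S+)", cmd, re.I))
    return m.group(1) if m else None


def classify_event(event):
    """Return a finding dict for a firewall-modifying netsh invocation, else None."""
    if not event["image"].lower().endswith("\\netsh.exe"):
        return None
    cmd = event["command_line"]
    for pattern, reason in FIREWALL_MODIFY_PATTERNS:
        if re.search(pattern, cmd, re.I):
            program = extract_program(cmd)
            suspicious_path = (program is not None and USER_WRITABLE.search(program)) \
                or USER_WRITABLE.search(event["parent_image"])
            return {
                "pid": event["pid"],
                "parent_pid": event["parent_pid"],
                "reason": reason,
                "program": program,
                "severity": "high" if suspicious_path else "medium",
            }
    return None


def scan(events):
    """Run the classifier over a batch of events and keep only the findings."""
    return [f for f in (classify_event(e) for e in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The path heuristic is deliberately separate from the command-line match: the match alone catches an administrator's legitimate rule as readily as the sample's, so the severity step is what turns a noisy rule into one worth paging on. Feed it real Sysmon or 4688 events after mapping your field names onto the keys used here.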