Analysis
- max time kernel: 151s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 20-05-2022 22:40
Static task
- static1

Behavioral task
- behavioral1
  - Sample: a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  - Resource: win7-20220414-en
  - Platform: windows7_x64
  - 0 signatures
  - 0 seconds

Behavioral task
- behavioral2
  - Sample: a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  - Resource: win10v2004-20220414-en
  - Platform: windows10-2004_x64
  - 0 signatures
  - 0 seconds
General
- Target: a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
- Size: 32KB
- MD5: da268d08878d0beef46edb8bb5254c5f
- SHA1: cb8d6fe65c5bf3d652143af39bff93ece1a433d9
- SHA256: a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754
- SHA512: 05706ad528a9478a95ff34304ee29c5b9027df8dde6e5c57adbbedb7d7004e70e25d5f7a3cdf234a520a02c2002804daf0fd7880068f3f66e4d477fb9b4210d0
- Score: 8/10
Malware Config
Signatures
- Modifies Windows Firewall (1 TTPs)
- Suspicious use of AdjustPrivilegeToken (31 IoCs)
  Processes:
  description                        pid  process
  Token: SeDebugPrivilege            916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: 33                          916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
  Token: SeIncBasePriorityPrivilege  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
  description                     pid  process                                                                target process
  PID 916 wrote to memory of 900  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe  netsh.exe
  PID 916 wrote to memory of 900  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe  netsh.exe
  PID 916 wrote to memory of 900  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe  netsh.exe
  PID 916 wrote to memory of 900  916  a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe  netsh.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\netsh.exe
      Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe" "a01a69e6d6226d53a8172c66b0d47cb85f753a838f3a6b6bee1c4fcb614e8754.exe" ENABLE