Analysis
- max time kernel: 151s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 20-05-2022 22:59
Behavioral task
behavioral1
Sample
f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
- Target: f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
- Size: 31KB
- MD5: cf856b0a8e9f53a5e94eb2c87865b61e
- SHA1: 6278a094d00c2fc2a11d7064881789635b29fe64
- SHA256: f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c
- SHA512: a813a28f195ea32003a3b23289dbf6cba44d4fb9d2700415155b2f42dcb0469d5ffda85047502b465592a87d28a2b0c7fb1ee9eefd2b97e85c35325342d19aae
- Score: 8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
Processes (description / pid / process):
Token: SeDebugPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: 33 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
Token: SeIncBasePriorityPrivilege | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes (description / pid / process / target process):
PID 548 wrote to memory of 956 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe | netsh.exe
PID 548 wrote to memory of 956 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe | netsh.exe
PID 548 wrote to memory of 956 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe | netsh.exe
PID 548 wrote to memory of 956 | 548 | f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe | netsh.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe (tree depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\netsh.exe (tree depth 2, child of the sample)
    Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe" "f3fc78922144112105dd5b0bd4acd45d8723662e1960a14cf976edafa5cfbd7c.exe" ENABLE