Analysis
-
max time kernel
136s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
24-05-2022 15:54
Behavioral task
behavioral1
Sample
2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe
-
Size
301KB
-
MD5
5e04a9f2d48e007fc7ee5e06fb7a3613
-
SHA1
e3123b48a526b357d773b606916eaeedaf7ee437
-
SHA256
2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666
-
SHA512
0bfb8f050727c5a651a56b7dc6131412dc940252aa115c9adc6ee9462a5ef9e8acdb03617b0d6110d6fe6fcda5214310f9f496d8f78821455e2f457a80a5af14
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
Processes:
2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exedescription pid process Token: SeDebugPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: 33 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe Token: SeIncBasePriorityPrivilege 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exedescription pid process target process PID 1516 wrote to memory of 1732 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe netsh.exe PID 1516 wrote to memory of 1732 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe netsh.exe PID 1516 wrote to memory of 1732 1516 2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe netsh.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe"C:\Users\Admin\AppData\Local\Temp\2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe" "2bf0f638224e306a99420932175be8bcd8ac26311a964d65c385cc7915689666.exe" ENABLE2⤵