Overview (score 10)

Task           Platform            Score
Static         -                   10
files/1.exe    windows7-x64        1
files/1.exe    windows10-2004-x64  1
files/10.exe   windows7-x64        7
files/10.exe   windows10-2004-x64  7
files/11.exe   windows7-x64        10
files/11.exe   windows10-2004-x64  10
files/12.exe   windows7-x64        8
files/12.exe   windows10-2004-x64  8
files/13.exe   windows7-x64        10
files/13.exe   windows10-2004-x64  10
files/14.exe   windows7-x64        10
files/14.exe   windows10-2004-x64  10
files/15.exe   windows7-x64        10
files/15.exe   windows10-2004-x64  10
files/2.exe    windows7-x64        10
files/2.exe    windows10-2004-x64  10
files/3.exe    windows7-x64        10
files/3.exe    windows10-2004-x64  10
files/4.exe    windows7-x64        10
files/4.exe    windows10-2004-x64  10
files/5.exe    windows7-x64        10
files/5.exe    windows10-2004-x64  10
files/6.exe    windows7-x64        6
files/6.exe    windows10-2004-x64  6
files/7.exe    windows7-x64        10
files/7.exe    windows10-2004-x64  10
files/8.exe    windows7-x64        10
files/8.exe    windows10-2004-x64  10
files/9.exe    windows7-x64        10
files/9.exe    windows10-2004-x64  10

Analysis
max time kernel:  148s
max time network: 48s
platform:         windows7_x64
resource:         win7-20220715-en
resource tags:    arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
submitted:        25-07-2022 05:57
Behavioral tasks

Task          Sample        Resource
behavioral1   files/1.exe   win7-20220718-en
behavioral2   files/1.exe   win10v2004-20220721-en
behavioral3   files/10.exe  win7-20220715-en
behavioral4   files/10.exe  win10v2004-20220721-en
behavioral5   files/11.exe  win7-20220715-en
behavioral6   files/11.exe  win10v2004-20220721-en
behavioral7   files/12.exe  win7-20220715-en
behavioral8   files/12.exe  win10v2004-20220721-en
behavioral9   files/13.exe  win7-20220715-en
behavioral10  files/13.exe  win10v2004-20220722-en
behavioral11  files/14.exe  win7-20220715-en
behavioral12  files/14.exe  win10v2004-20220721-en
behavioral13  files/15.exe  win7-20220715-en
behavioral14  files/15.exe  win10v2004-20220721-en
behavioral15  files/2.exe   win7-20220718-en
behavioral16  files/2.exe   win10v2004-20220721-en
behavioral17  files/3.exe   win7-20220715-en
behavioral18  files/3.exe   win10v2004-20220721-en
behavioral19  files/4.exe   win7-20220718-en
behavioral20  files/4.exe   win10v2004-20220721-en
behavioral21  files/5.exe   win7-20220718-en
behavioral22  files/5.exe   win10v2004-20220721-en
behavioral23  files/6.exe   win7-20220715-en
behavioral24  files/6.exe   win10v2004-20220722-en
behavioral25  files/7.exe   win7-20220718-en
behavioral26  files/7.exe   win10v2004-20220722-en
behavioral27  files/8.exe   win7-20220718-en
behavioral28  files/8.exe   win10v2004-20220721-en
behavioral29  files/9.exe   win7-20220718-en
General

Target: files/12.exe
Size:   32KB
MD5:    7cf3aecad9d39a53f50786d6a8027029
SHA1:   fb29cbd768bd1f8f3de4ad7e7e0d59266b51717b
SHA256: fff353843eb081d94aac5c048c7cbc41e62ecd476a2cbee970066199f81afdaa
SHA512: 92df490a3e12087578d3d29cfe91e057aacbaa621e21484dc7f6867976536353d3f91ebc2d7aef644d8b345f9ba09ab07ca21811e2ed915cd131aab80c86a643
Malware Config
Signatures

Modifies Windows Firewall (1 TTPs, 1 IoCs)

pid   Process
1420  netsh.exe

Adds Run key to start application (2 TTPs, 2 IoCs)

description      ioc                                                                                                                                                                                                    Process
Set value (str)  \REGISTRY\USER\S-1-5-21-3440072777-2118400376-1759599358-1000\Software\Microsoft\Windows\CurrentVersion\Run\a7c34a25f5c5b16d3a26d56c11dd4df5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\files\\12.exe\" .."  12.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\a7c34a25f5c5b16d3a26d56c11dd4df5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\files\\12.exe\" .."                          12.exe

Suspicious use of AdjustPrivilegeToken (33 IoCs)

description                        pid  Process
Token: SeDebugPrivilege            912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe
Token: 33                          912  12.exe
Token: SeIncBasePriorityPrivilege  912  12.exe

Suspicious use of WriteProcessMemory (4 IoCs)

description                      pid  Process  procid_target
PID 912 wrote to memory of 1420  912  12.exe   27
PID 912 wrote to memory of 1420  912  12.exe   27
PID 912 wrote to memory of 1420  912  12.exe   27
PID 912 wrote to memory of 1420  912  12.exe   27
Processes

1. C:\Users\Admin\AppData\Local\Temp\files\12.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\files\12.exe"
   PID: 912
   - Adds Run key to start application
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\netsh.exe
      Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\files\12.exe" "12.exe" ENABLE
      PID: 1420
      - Modifies Windows Firewall