Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06-09-2022 04:08
Behavioral task: behavioral1
- Sample: bEG2.exe
- Resource: win7-20220901-en (windows7-x64)
- 3 signatures
- 150 seconds
General
- Target: bEG2.exe
- Size: 23KB
- MD5: c84b5aa41ceb238a9b328e4521c2903d
- SHA1: 6f75576e35f98544a7b938015a74498700aaacef
- SHA256: 5ac858d76e8ff1f69dc3cc87f6fe63c705e73b91141468c2959aebaebeeeb5ed
- SHA512: 0be8b058c02fe9429d5a742c859d4bf6b8f0a3fa78916d4be505d20e1a9eeb2e0f58a6aa3f7ea7d5b103465e3bd061ae21a7b30f27a48bdccc5b7a4bce2107e2
- SSDEEP: 384:ZweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZTH:eLq411eRpcnuk
Malware Config
Signatures
- Modifies Windows Firewall (1 TTPs, 1 IoCs)
- Suspicious use of AdjustPrivilegeToken (35 IoCs)
  Processes:
    description                        pid   process
    Token: SeDebugPrivilege            4444  bEG2.exe
    Token: 33                          4444  bEG2.exe
    Token: SeIncBasePriorityPrivilege  4444  bEG2.exe
    (the last two rows alternate for the remaining 32 entries, 35 in total)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process   target process
    PID 4444 wrote to memory of 3304   4444  bEG2.exe  netsh.exe
    (this entry is recorded 3 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\bEG2.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\bEG2.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\netsh.exe
    command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\bEG2.exe" "bEG2.exe" ENABLE
    - Modifies Windows Firewall