48ef6484cfbb42e01f65ddc603d7b060832a621220df7ef18d3904b652fc31cc

Analysis

max time kernel
51s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 22:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

48ef6484cfbb42e01f65ddc603d7b060832a621220df7ef18d3904b652fc31cc.exe
Size

76KB
MD5

0f3a97bc910919a0aa5d1db468867c6e
SHA1

1f84f0c3264b2093363231bd237b5a459a8332f3
SHA256

48ef6484cfbb42e01f65ddc603d7b060832a621220df7ef18d3904b652fc31cc
SHA512

80e9167e1c50dd8a72467a960734f7ab5c8f1b9edcf4ef37ea81b822c315d95fb2118b2fd00b57cca323f8875db8d02d5dffd703b7d26640104d02f8f4205d5e
SSDEEP

768:ZjAqrB8yFUvIoSqKAvKr+9RTW26N5U1Y6H0jHv6qvtq1o7Mr1WDMNJCXvHCCjPkS:LeR/hNcdWlSM4HCCrkCyKmaIqf

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Modify Existing Service

T1031

pid	Process
260	netsh.exe

C:\Users\Admin\AppData\Local\Temp\48ef6484cfbb42e01f65ddc603d7b060832a621220df7ef18d3904b652fc31cc.exe
"C:\Users\Admin\AppData\Local\Temp\48ef6484cfbb42e01f65ddc603d7b060832a621220df7ef18d3904b652fc31cc.exe"
1⤵
PID:4480
- C:\Users\Admin\AppData\LocalInl_aHefgE.exe
  "C:\Users\Admin\AppData\LocalInl_aHefgE.exe"
  2⤵
  PID:4720
- - C:\Users\Admin\AppData\Roaming\temp.exe
    "C:\Users\Admin\AppData\Roaming\temp.exe"
    3⤵
    PID:4456
  - - C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\temp.exe" "temp.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      PID:260

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalInl_aHefgE.exe

Filesize
40KB

MD5
55553161cf363a921f971c127d30e8c0

SHA1
96773fd396d9a10722f43fbae1c881e778f0f97e

SHA256
264f53dbff1cf622aee3b080efb35b97eb460e988e7cf7282f4d0e95ddb6269e

SHA512
e5f634c18d97c21dfea90c4a25cd144b718bd104337e2992d6273e5a07d8b18bf9d8f1e70a89c79e277ed4c9620f04e2fce7e25ef8a5972cc764b2f507f073c4

Download Submit
C:\Users\Admin\AppData\LocalInl_aHefgE.exe

Filesize
8KB

MD5
4a338552cbcf339a59323454a307e72d

SHA1
4fa03edeec86f8a12e5c3f804db3ddbc0c61b5e9

SHA256
3a661d7eaa2e9ce0e66221bc740c403601193fd027fd84be81b06fdd178bf31f

SHA512
978f08db8988dbc468f02cf83bd90d8b1eebb08af7f019a991a19f6d2458cee5c6a5ec2e66cbaab8892498a93b3810fe09acea54ab64968a9a40edb5f875ef83

Download Submit
C:\Users\Admin\AppData\Roaming\temp.exe

Filesize
43KB

MD5
3e926156484d3167ca050bddf79e9545

SHA1
b3f5dbeb6d5be2516cab80f39faf28a828dfb935

SHA256
51db2710ce3c2852b2b7db1343ccbe7003f74db88e391e51742cf27542cc0f74

SHA512
e8df199667174389bfbba7565b0dd3d0986d9556ba3702eef99ad453d954263a6c90d0c233d32167720e39dc324ad1088ae24f554f35bcf3af99aefed5d67d51

Download Submit
C:\Users\Admin\AppData\Roaming\temp.exe

Filesize
43KB

MD5
3e926156484d3167ca050bddf79e9545

SHA1
b3f5dbeb6d5be2516cab80f39faf28a828dfb935

SHA256
51db2710ce3c2852b2b7db1343ccbe7003f74db88e391e51742cf27542cc0f74

SHA512
e8df199667174389bfbba7565b0dd3d0986d9556ba3702eef99ad453d954263a6c90d0c233d32167720e39dc324ad1088ae24f554f35bcf3af99aefed5d67d51

Download Submit
memory/4456-142-0x00000000749E0000-0x0000000074F91000-memory.dmp

Filesize
5.7MB

Download
memory/4480-132-0x00007FFECF680000-0x00007FFED00B6000-memory.dmp

Filesize
10.2MB

Download
memory/4720-136-0x00000000749E0000-0x0000000074F91000-memory.dmp

Filesize
5.7MB

Download
memory/4720-140-0x00000000749E0000-0x0000000074F91000-memory.dmp

Filesize
5.7MB

Download