Analysis
-
max time kernel: 151s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 27-11-2022 17:59
Behavioral task
behavioral1
Sample
2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Resource
win7-20220812-en
windows7-x64
7 signatures
150 seconds
General
-
Target: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Size: 204KB
MD5: 69ce3eed552390b1befd1653b27708d2
SHA1: 570476d4bc5f234df0923b5774bfd3412db29ca2
SHA256: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43
SHA512: 82a71d810ff41a748ae95b6c02c82725ffa2610d0f69c8e208da76709324e9c5a1dae6e69531333c1f5682548b4010369f11141aea0faa555cdc646ab31f52d4
SSDEEP: 6144:LbpUyVszXOTsDyR4NZLT1ECSYlBwmOtPvle:LtsDO4UARTyS75kXo
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SCSI Service = "C:\\Program Files (x86)\\SCSI Service\\scsisvc.exe"
process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
-
Checks whether UAC is enabled
Processes: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
-
Drops file in Program Files directory 2 IoCs
Processes: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
description: File created
ioc: C:\Program Files (x86)\SCSI Service\scsisvc.exe
process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
description: File opened for modification
ioc: C:\Program Files (x86)\SCSI Service\scsisvc.exe
process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
pid 1792 process 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
pid 1792 process 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
pid 1792 process 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
pid 1792 process 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
pid 1792 process 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
description: Token: SeDebugPrivilege
pid 1792 process 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe"
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken