Analysis
Max time kernel: 156s
Max time network: 153s
Platform: windows10-2004_x64
Resource: win10v2004-20220812-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 27-11-2022 17:59
Behavioral task: behavioral1
Sample: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Resource: win7-20220812-en (windows7-x64), 7 signatures, 150 seconds
General
Target: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Size: 204KB
MD5: 69ce3eed552390b1befd1653b27708d2
SHA1: 570476d4bc5f234df0923b5774bfd3412db29ca2
SHA256: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43
SHA512: 82a71d810ff41a748ae95b6c02c82725ffa2610d0f69c8e208da76709324e9c5a1dae6e69531333c1f5682548b4010369f11141aea0faa555cdc646ab31f52d4
SSDEEP: 6144:LbpUyVszXOTsDyR4NZLT1ECSYlBwmOtPvle:LtsDO4UARTyS75kXo
Malware Config
Signatures

Adds Run key to start application (2 TTPs, 1 IoC)
Processes:
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DDP Host = "C:\\Program Files (x86)\\DDP Host\\ddphost.exe"
  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Checks whether UAC is enabled
Processes:
  description: Key value queried
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Drops file in Program Files directory (2 IoCs)
Processes:
  description: File created
  ioc: C:\Program Files (x86)\DDP Host\ddphost.exe
  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe

  description: File opened for modification
  ioc: C:\Program Files (x86)\DDP Host\ddphost.exe
  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe

Suspicious behavior: EnumeratesProcesses (3 IoCs)
Processes:
  pid: 1044  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
  pid: 1044  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
  pid: 1044  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
  pid: 1044  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description: Token: SeDebugPrivilege
  pid: 1044
  process: 2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Processes

Process: C:\Users\Admin\AppData\Local\Temp\2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2dfdcbb5e1a51757d6b51f7eb51215aa113402873069433d7c2df35fe9513b43.exe"
Signatures triggered:
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken