Analysis
-
max time kernel
169s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
04-12-2022 06:12
General
-
Target
a01b77c2054ed422cff3e01bd19c891312e704990c391f90429758d0fa00c3ae.exe
-
Size
846KB
-
MD5
e34e13fb33c1833e907f4baf884c6b02
-
SHA1
c83fc7276c2a36a2ddbc4d41f3fc3d4a439ed165
-
SHA256
a01b77c2054ed422cff3e01bd19c891312e704990c391f90429758d0fa00c3ae
-
SHA512
fe3da0ecf696af7293f027ad6572fd61cbb090b83f10b0a096e8c136fd12ceb01912e89e9cdc514caa3b72498308aef3a11fb077d833ea99dec0869b8d9b6d2c
-
SSDEEP
12288:SQdrqWXmAIcbDCntXNxssSTFtbEkDk7rg3HOsSjubLun8FYlnbJdvE:SIOwIcbDuMhFDGYHy83Fg9h
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies Windows Firewall 1 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a01b77c2054ed422cff3e01bd19c891312e704990c391f90429758d0fa00c3ae.exe"C:\Users\Admin\AppData\Local\Temp\a01b77c2054ed422cff3e01bd19c891312e704990c391f90429758d0fa00c3ae.exe"1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram program = "C:\Users\Admin\AppData\Local\Temp\a01b77c2054ed422cff3e01bd19c891312e704990c391f90429758d0fa00c3ae.exe" name = Security3 mode = ENABLE scope = ALL2⤵
- Modifies Windows Firewall
-