Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2023, 21:01

General

  • Target

    2d74fc7b25971340e54688ca3f05ebff.exe

  • Size

    93KB

  • MD5

    2d74fc7b25971340e54688ca3f05ebff

  • SHA1

    80a4cad74c96133ac0f4fcbaf9c0f45bde6401c7

  • SHA256

    3bcac9666c13e12dc163e6f9e071bd613f052f1c1bbd283eec6f54e27f722c9e

  • SHA512

    a4a7487cebd10a1a4038ac4d19f643aedbeca90331550e2c66d1148826579cdf0f9d19b8fe3c0c2e23b5f349e736a4b90dc1d04b5f7abcb4155ae17a148f2b82

  • SSDEEP

    768:oY3fCpD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk35sGn:PCLOx6baIa9RPj00ljEwzGi1dDpDLgS

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d74fc7b25971340e54688ca3f05ebff.exe
    "C:\Users\Admin\AppData\Local\Temp\2d74fc7b25971340e54688ca3f05ebff.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\2d74fc7b25971340e54688ca3f05ebff.exe" "2d74fc7b25971340e54688ca3f05ebff.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:4112
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\2d74fc7b25971340e54688ca3f05ebff.exe"
      2⤵
      • Modifies Windows Firewall
      PID:1152
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\2d74fc7b25971340e54688ca3f05ebff.exe" "2d74fc7b25971340e54688ca3f05ebff.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:4472

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4972-132-0x00000000746C0000-0x0000000074C71000-memory.dmp

    Filesize

    5.7MB

  • memory/4972-136-0x00000000746C0000-0x0000000074C71000-memory.dmp

    Filesize

    5.7MB