Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
24-03-2023 04:30
General
-
Target
39dda22bc0baa6be16a26d21b7cd12b8.exe
-
Size
37KB
-
MD5
39dda22bc0baa6be16a26d21b7cd12b8
-
SHA1
2a38beffbd14f58bd91c9530959cd7e832a12799
-
SHA256
38d653d1792cc05fae43f3c9a5dfae6910dc904647de5e1cadf31fca9a7dcee3
-
SHA512
3b6832055b2ccc5fa6e283c9baec0173c603714fb2b677124c5bb9d1a222239e4ed155e5fce0a02998a7c86e935fd9b7762b2e22abebffb86fd426ca3bc5aff7
-
SSDEEP
384:QmOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM35:GFdGdkrgYRwWS0rM+rMRa8Nu3+t
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39dda22bc0baa6be16a26d21b7cd12b8.exe"C:\Users\Admin\AppData\Local\Temp\39dda22bc0baa6be16a26d21b7cd12b8.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\39dda22bc0baa6be16a26d21b7cd12b8.exe" "39dda22bc0baa6be16a26d21b7cd12b8.exe" ENABLE2⤵
- Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3388-133-0x00000000008A0000-0x00000000008B0000-memory.dmpFilesize
64KB
-
memory/3388-134-0x00000000008A0000-0x00000000008B0000-memory.dmpFilesize
64KB