Analysis
- max time kernel: 142s
- max time network: 152s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 08-06-2023 00:16
Behavioral task: behavioral1
- Sample: 0d8b76317dbfa4482bc07bc247df8f25.exe
- Resource: win7-20230220-en
- windows7-x64
- 3 signatures
- 150 seconds
General
- Target: 0d8b76317dbfa4482bc07bc247df8f25.exe
- Size: 31KB
- MD5: 0d8b76317dbfa4482bc07bc247df8f25
- SHA1: 236b3b64330227d5d34bda71703945747ecacf06
- SHA256: da83ebf186d48f78f9aa8fd6c67d50141c20a104696697373badd324555b4c96
- SHA512: 807b7f22dd6fc7dece192ecc817d4471772134d4b48c08bd4f689d80aa4cd248eadd6625a2360bfef30f14dd54dd55c99e23ce88d8cf4d2c5af947f1978aa238
- SSDEEP: 768:8rzgfV5VXPKzxF+dtYjK/L+rvAJQmIDUu0tiJsj:/fqci4QVknj
- Score: 8/10
Malware Config
Signatures
- Modifies Windows Firewall (1 TTPs, 1 IoCs)
- Suspicious use of AdjustPrivilegeToken (23 IoCs)
  Processes (description | pid | process):
  Token: SeDebugPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: 33 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
  Token: SeIncBasePriorityPrivilege | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description | pid | process | target process):
  PID 916 wrote to memory of 1368 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe
  PID 916 wrote to memory of 1368 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe
  PID 916 wrote to memory of 1368 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe
  PID 916 wrote to memory of 1368 | 916 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\0d8b76317dbfa4482bc07bc247df8f25.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0d8b76317dbfa4482bc07bc247df8f25.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\SysWOW64\netsh.exe (child of [1])
    Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\0d8b76317dbfa4482bc07bc247df8f25.exe" "0d8b76317dbfa4482bc07bc247df8f25.exe" ENABLE
    - Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/916-54-0x00000000001E0000-0x0000000000220000-memory.dmp (Filesize: 256KB)
- memory/916-55-0x00000000001E0000-0x0000000000220000-memory.dmp (Filesize: 256KB)
- memory/916-56-0x00000000001E0000-0x0000000000220000-memory.dmp (Filesize: 256KB)
- memory/916-57-0x00000000001E0000-0x0000000000220000-memory.dmp (Filesize: 256KB)