Analysis
- max time kernel: 148s
- max time network: 139s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 08-06-2023 00:18
Behavioral task: behavioral1
- Sample: 0d8b76317dbfa4482bc07bc247df8f25.exe
- Resource: win7-20230220-en (windows7-x64)
- 3 signatures
- 150 seconds
General
- Target: 0d8b76317dbfa4482bc07bc247df8f25.exe
- Size: 31KB
- MD5: 0d8b76317dbfa4482bc07bc247df8f25
- SHA1: 236b3b64330227d5d34bda71703945747ecacf06
- SHA256: da83ebf186d48f78f9aa8fd6c67d50141c20a104696697373badd324555b4c96
- SHA512: 807b7f22dd6fc7dece192ecc817d4471772134d4b48c08bd4f689d80aa4cd248eadd6625a2360bfef30f14dd54dd55c99e23ce88d8cf4d2c5af947f1978aa238
- SSDEEP: 768:8rzgfV5VXPKzxF+dtYjK/L+rvAJQmIDUu0tiJsj:/fqci4QVknj

Score: 8/10
Malware Config
Signatures
- Modifies Windows Firewall (1 TTP, 1 IoC)
- Suspicious use of AdjustPrivilegeToken (23 IoCs)

  Processes:

  | description                       | pid  | process                              |
  |-----------------------------------|------|--------------------------------------|
  | Token: SeDebugPrivilege           | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: 33                         | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |
  | Token: SeIncBasePriorityPrivilege | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe |

- Suspicious use of WriteProcessMemory (4 IoCs)

  Processes:

  | description                     | pid  | process                              | target process |
  |---------------------------------|------|--------------------------------------|----------------|
  | PID 1712 wrote to memory of 300 | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe      |
  | PID 1712 wrote to memory of 300 | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe      |
  | PID 1712 wrote to memory of 300 | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe      |
  | PID 1712 wrote to memory of 300 | 1712 | 0d8b76317dbfa4482bc07bc247df8f25.exe | netsh.exe      |
Processes
- C:\Users\Admin\AppData\Local\Temp\0d8b76317dbfa4482bc07bc247df8f25.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0d8b76317dbfa4482bc07bc247df8f25.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\netsh.exe
    Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\0d8b76317dbfa4482bc07bc247df8f25.exe" "0d8b76317dbfa4482bc07bc247df8f25.exe" ENABLE
    - Modifies Windows Firewall