Analysis
max time kernel: 146s
max time network: 149s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2023 05:57
Behavioral task: behavioral1
Sample: C3B5CC4ED4B775143B12CA08E878787F.exe
Resource: win7-20230831-en
4 signatures
150 seconds
General
Target: C3B5CC4ED4B775143B12CA08E878787F.exe
Size: 246KB
MD5: c3b5cc4ed4b775143b12ca08e878787f
SHA1: 0708486896cd80edcebf80ac87ec1d0108b7909b
SHA256: 5fe4966a0f2d38702c2451af0e2d7c00d2e8ce33ce3a67a51789e609a4295106
SHA512: d21061ba6212684fbd855b69661e33520c2845985d3bbd3f70eb45bc348a01b0e2ef0dc908d04e4ed9bd5da5d243ed9020b74550bba0c7a0525254ff4d254c25
SSDEEP: 6144:Gakg3/aBDYKNmyzjgl3AcS7xGvRNxzaj2w:1h3CxYKNm+sl5GGXTw
Malware Config

Signatures

Modifies Windows Firewall (1 TTP, 1 IoC)

Suspicious use of AdjustPrivilegeToken (35 IoCs)
Processes: C3B5CC4ED4B775143B12CA08E878787F.exe

description                          pid   process
Token: SeDebugPrivilege              2352  C3B5CC4ED4B775143B12CA08E878787F.exe
Token: 33                            2352  C3B5CC4ED4B775143B12CA08E878787F.exe
Token: SeIncBasePriorityPrivilege    2352  C3B5CC4ED4B775143B12CA08E878787F.exe
(the last two rows, Token: 33 followed by Token: SeIncBasePriorityPrivilege, repeat 17 times each, for 35 entries in total)

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: C3B5CC4ED4B775143B12CA08E878787F.exe

description                     pid   process                               target process
PID 2352 wrote to memory of 2332  2352  C3B5CC4ED4B775143B12CA08E878787F.exe  netsh.exe
PID 2352 wrote to memory of 2332  2352  C3B5CC4ED4B775143B12CA08E878787F.exe  netsh.exe
PID 2352 wrote to memory of 2332  2352  C3B5CC4ED4B775143B12CA08E878787F.exe  netsh.exe
PID 2352 wrote to memory of 2332  2352  C3B5CC4ED4B775143B12CA08E878787F.exe  netsh.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\C3B5CC4ED4B775143B12CA08E878787F.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\C3B5CC4ED4B775143B12CA08E878787F.exe"
   Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\netsh.exe (child of 1)
      Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\C3B5CC4ED4B775143B12CA08E878787F.exe" "C3B5CC4ED4B775143B12CA08E878787F.exe" ENABLE
      Signatures: Modifies Windows Firewall
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

memory dump                                                        filesize
memory/2352-0-0x0000000074CB0000-0x000000007525B000-memory.dmp    5.7MB
memory/2352-1-0x0000000074CB0000-0x000000007525B000-memory.dmp    5.7MB
memory/2352-2-0x0000000002020000-0x0000000002060000-memory.dmp    256KB
memory/2352-3-0x0000000074CB0000-0x000000007525B000-memory.dmp    5.7MB
memory/2352-4-0x0000000074CB0000-0x000000007525B000-memory.dmp    5.7MB