a5a9ab964023fb681271d0dc10273d90788025cb6d946bdbd319293e0d7db450

Analysis

max time kernel
165s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

039baba64c7c8545bd50262ac191f8c5.exe
Size

62KB
MD5

039baba64c7c8545bd50262ac191f8c5
SHA1

ff5b113b1181d2cb41f518f1fb5473876b3e1f8c
SHA256

a5a9ab964023fb681271d0dc10273d90788025cb6d946bdbd319293e0d7db450
SHA512

a079998624b41f572ad13082c5d58c2ac76b9a043ff5aff0283f34aee9fb88fab28eb410258317eb420cbea4b10e25e1189c52fecd434374e6377bf772862db8
SSDEEP

384:vSePdDwWFWff/zVqkY5U3aOw73cfbw8nHsh51xq3UZU9w1xq3UZU92pd:6e1XWfn4kIUo3A8sHsXZU9qZU9g

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
4436	netsh.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 4808	3196	039baba64c7c8545bd50262ac191f8c5.exe	91
PID 3196 wrote to memory of 4808	3196	039baba64c7c8545bd50262ac191f8c5.exe	91
PID 3196 wrote to memory of 4808	3196	039baba64c7c8545bd50262ac191f8c5.exe	91
PID 4808 wrote to memory of 4436	4808	cmd.exe	93
PID 4808 wrote to memory of 4436	4808	cmd.exe	93
PID 4808 wrote to memory of 4436	4808	cmd.exe	93

C:\Users\Admin\AppData\Local\Temp\039baba64c7c8545bd50262ac191f8c5.exe
"C:\Users\Admin\AppData\Local\Temp\039baba64c7c8545bd50262ac191f8c5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c netsh firewall add portopening TCP 80 HTTP
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4808
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add portopening TCP 80 HTTP
    3⤵
    - Modifies Windows Firewall
    PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads