48ec2fa2905903a527975c53bc67e4889bea46e5e73127b18728bb804a503ad3

Analysis

max time kernel
153s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3752f527d3fe33f8098bee55fe3f6c8b.exe
Size

616KB
MD5

3752f527d3fe33f8098bee55fe3f6c8b
SHA1

a707021c5b1055b3f42004646906acf3a26fb97b
SHA256

48ec2fa2905903a527975c53bc67e4889bea46e5e73127b18728bb804a503ad3
SHA512

437cb1f61c19e7a58187e8e17e95d728b8a999c4b75cb4b6f6cf74454f3157aa18755c0058c5ff194a0d13273349d50690d5a608d50441549fc1523fb4696b17
SSDEEP

12288:FxGTvNd5+Y8O/ZTqcHXuHX8apI8cLb/J1NTyYh:FxEd1Tm0XM8au5v7NT5

Score

10^/10

evasion trojan

Malware Config

Signatures

Windows security bypass 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	3752f527d3fe33f8098bee55fe3f6c8b.exe

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	3752f527d3fe33f8098bee55fe3f6c8b.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeSecurityPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeTakeOwnershipPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeLoadDriverPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeSystemProfilePrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeSystemtimePrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeProfSingleProcessPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeIncBasePriorityPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeCreatePagefilePrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeBackupPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeRestorePrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeShutdownPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeDebugPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeSystemEnvironmentPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeChangeNotifyPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeRemoteShutdownPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeUndockPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeManageVolumePrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeImpersonatePrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: SeCreateGlobalPrivilege	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: 33	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: 34	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: 35	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe
Token: 36	2672	3752f527d3fe33f8098bee55fe3f6c8b.exe

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern\NoControlPanel = "1"	3752f527d3fe33f8098bee55fe3f6c8b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion	3752f527d3fe33f8098bee55fe3f6c8b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern	3752f527d3fe33f8098bee55fe3f6c8b.exe

C:\Users\Admin\AppData\Local\Temp\3752f527d3fe33f8098bee55fe3f6c8b.exe
"C:\Users\Admin\AppData\Local\Temp\3752f527d3fe33f8098bee55fe3f6c8b.exe"
1⤵
- Windows security bypass
- Windows security modification
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2672-0-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2672-1-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-2-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-3-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-4-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2672-5-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-6-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-7-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-8-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-9-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-10-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-11-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-12-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-13-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-14-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-15-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/2672-16-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads