b2b1f374822e760b574cff680d989d0f229bdaf9029acacb2449162b92bbc16b

Analysis

max time kernel
4s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PortChecker.exe
Size

128KB
MD5

f9e1db23e7a2293a089963351994208d
SHA1

dd60e6052959bf6787e035ce4122f4b9f461ce14
SHA256

27a739ca787fa265624d3ab8a5311a0e0f7d39c79c3c5365aff25159b0bb8dd4
SHA512

7058767d13fc57534f437b6c077d70ced53a0a8f53a03259dc3cc513ab07809c04303db649ba368b67bddee854f78c8570aa46d5f468720caa26696a8d70bc8e
SSDEEP

1536:KENNZHJxxl+LxcZDWAy3OgHEtIyAq3Hoa35ecoNVkSQLVz4ZkNfG:pNHHgKZ4Et5lTRoNO5VEZkNe

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
2516	netsh.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1888	PortChecker.exe

C:\Users\Admin\AppData\Local\Temp\PortChecker.exe
"C:\Users\Admin\AppData\Local\Temp\PortChecker.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1888
- C:\Users\Admin\AppData\Roaming\smss.exe
  /d C:\Users\Admin\AppData\Local\Temp\PortChecker.exe
  2⤵
  PID:2512
- C:\Windows\SysWOW64\netsh.exe
  netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\smss.exe" CityScape Enable
  2⤵
  - Modifies Windows Firewall
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads