Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
26/01/2024, 11:59
General
-
Target
774c73f1a4162f3eb2cb6515f532d538.exe
-
Size
149KB
-
MD5
774c73f1a4162f3eb2cb6515f532d538
-
SHA1
9f6644757dcee2f03c1ef1569fb31be672130568
-
SHA256
5d4cff1c25f29bbf41f5697fac6bcadb5366082f05ea410f947e053f92a493bf
-
SHA512
4db9362fbe626a2c5d96dbdcc0b53fd16c01dc3a7a21337ba6c1f32bb50ea47c3027b6a00cf9cf914d29a3e8feb0a32cc188890691cac9639f8d3423e65d590e
-
SSDEEP
3072:J7fkPxoHQ+zhEsYhtlDnFukMtmLMCYgq05NRL/+EP2outKB77777J77c77c77c7:J78xow+zhEJDlDnfVqiT/h2oSKB7777e
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\774c73f1a4162f3eb2cb6515f532d538.exe"C:\Users\Admin\AppData\Local\Temp\774c73f1a4162f3eb2cb6515f532d538.exe"1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
436KB
-
Filesize
4KB
-
Filesize
436KB