Analysis

max time kernel: 149s
max time network: 148s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 03/02/2024, 08:47

Behavioral task: behavioral1
Sample: 8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
Resource: win7-20231129-en
4 signatures
150 seconds
General

Target: 8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
Size: 29KB
MD5: aaf00b53df385ee3e4a34e3712ec0636
SHA1: f6e75b61bef2a1075eae83790dedb0dc41e26acf
SHA256: 8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521
SHA512: b49ff6ff7f2045de7b938d6cf0b7777258559d209d43b5b8bf0743e224e163d91f40d9b10ae09d7e46dc0b9c00ad0636933c898ae84b0be42cd0fc8071edfb6e
SSDEEP: 768:AJ9YS3WB+eetzo8ao3uqzAKxwGrdSEy5Z:09hWetzZuewmkZ
Malware Config
Signatures

Modifies Windows Firewall (2 TTPs, 1 IoC)

    pid   Process
    2000  netsh.exe

Suspicious use of AdjustPrivilegeToken (37 IoCs)

    description                        pid   Process
    Token: SeDebugPrivilege            2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: 33                          2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
    Token: SeIncBasePriorityPrivilege  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe

Suspicious use of WriteProcessMemory (4 IoCs)

    description                    pid   Process                                                                   procid_target
    PID 2244 wrote to memory of 2000  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe  28
    PID 2244 wrote to memory of 2000  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe  28
    PID 2244 wrote to memory of 2000  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe  28
    PID 2244 wrote to memory of 2000  2244  8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   PID: 2244

   2. C:\Windows\SysWOW64\netsh.exe
      Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe" "8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe" ENABLE
      - Modifies Windows Firewall
      PID: 2000