Analysis
- max time kernel: 148s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/02/2024, 08:47
Behavioral task: behavioral1
- Sample: 8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
- Resource: win7-20231129-en
- 4 signatures
- 150 seconds
General
- Target: 8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
- Size: 29KB
- MD5: aaf00b53df385ee3e4a34e3712ec0636
- SHA1: f6e75b61bef2a1075eae83790dedb0dc41e26acf
- SHA256: 8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521
- SHA512: b49ff6ff7f2045de7b938d6cf0b7777258559d209d43b5b8bf0743e224e163d91f40d9b10ae09d7e46dc0b9c00ad0636933c898ae84b0be42cd0fc8071edfb6e
- SSDEEP: 768:AJ9YS3WB+eetzo8ao3uqzAKxwGrdSEy5Z:09hWetzZuewmkZ
Malware Config
Signatures
- Modifies Windows Firewall (2 TTPs, 1 IoCs)
  pid   Process
  964   netsh.exe
- Suspicious use of AdjustPrivilegeToken (35 IoCs)
  description                            pid    Process
  Token: SeDebugPrivilege                4184   8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
  Token: 33                              4184   8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
  Token: SeIncBasePriorityPrivilege      4184   8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
  (the remaining entries alternate between the last two rows, 17 times each, all for PID 4184)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid    Process                                                                  procid_target
  PID 4184 wrote to memory of 964      4184   8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe    89
  (this entry is recorded three times)
Processes
- C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe"
  PID: 4184
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\netsh.exe (child of PID 4184)
    Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe" "8be7871aecfc2e3039cefaeab9954a4ee7903ece4099bfa295936b030764f521.exe" ENABLE
    PID: 964
    - Modifies Windows Firewall