36e65da4fdc760a3268c45133db5b563a9b86d96e1278942da524816a0c4dacc

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97d055e474911c04afd0e97694aab1d1.exe
Size

652KB
MD5

97d055e474911c04afd0e97694aab1d1
SHA1

2321136087ac71bbc7bbbd7170252c316f50b2a4
SHA256

36e65da4fdc760a3268c45133db5b563a9b86d96e1278942da524816a0c4dacc
SHA512

c4869d0a425ec61a38cb5ecfa744358fa4e1ffbe4b6f49b3c03983c17131c2983cdb9fb4c5df9c0b6e1d0edc289f116a49ca955a817172ea0f3aa195fc6c6d9a
SSDEEP

12288:pVbQFyGqdiCV1OtuyZ3FKrHs3E5t5Kz3HbonyyCA4i6iNNYI++lR0:pAyNgCfwuyZ3FKrHs3E5tMLUyyBz6tP

Score

8^/10

persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\97d055e474911c04afd0e97694aab1d1\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\97d055e474911c04afd0e97694aab1d1.sys"	97d055e474911c04afd0e97694aab1d1.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\{A06D73B6-A7BE-4A75-8030-E7BB3C5BD1C7}\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\97d055e474911c04afd0e97694aab1d1.sys"	97d055e474911c04afd0e97694aab1d1.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
2480	97d055e474911c04afd0e97694aab1d1.exe
2480	97d055e474911c04afd0e97694aab1d1.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2480	97d055e474911c04afd0e97694aab1d1.exe
Token: SeLoadDriverPrivilege	2480	97d055e474911c04afd0e97694aab1d1.exe

C:\Users\Admin\AppData\Local\Temp\97d055e474911c04afd0e97694aab1d1.exe
"C:\Users\Admin\AppData\Local\Temp\97d055e474911c04afd0e97694aab1d1.exe"
1⤵
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads