Analysis
  max time kernel: 147s
  max time network: 123s
  platform: windows7_x64
  resource: win7-20240221-en
  resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted: 24-02-2024 23:25
Behavioral task
  behavioral1
  Sample: Server.exe
  Resource: win7-20240221-en
  4 signatures
  150 seconds
General
  Target: Server.exe
  Size: 93KB
  MD5: f9b6ad30be032ceb2b5e39aaccafb559
  SHA1: 1727e623b758d12d165b234b3de37c23367c7fe5
  SHA256: 794e704c7eae31565db2f0474afdd29c856064d83924931f14df2a0753e78f65
  SHA512: f5e5bf5dca7b84c28b93eda9deff5a703da1e289ee66599447fc8078764a998de15a9ecb7da2aa9d087300d6ec74cf8b870e3769cde44a691b4e9ea68764d571
  SSDEEP: 768:PY33UYSgmnldjcRoMwrx7Y+DIkIITJbXX0pOt8ux82WXxrjEtCdnl2pi1Rz4Rk3c:2Ummlbrq+1NTZ0OojEwzGi1dDND4gS
  Score: 8/10
Malware Config
Signatures
  - Modifies Windows Firewall (2 TTPs, 1 IoCs)
      pid    Process
      2520   netsh.exe
  - Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
      pid    Process
      2328   Server.exe
  - Suspicious use of AdjustPrivilegeToken (37 IoCs)
      description                         pid    Process
      Token: SeDebugPrivilege             2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
      Token: 33                           2328   Server.exe
      Token: SeIncBasePriorityPrivilege   2328   Server.exe
  - Suspicious use of WriteProcessMemory (4 IoCs)
      description                        pid    Process      procid_target
      PID 2328 wrote to memory of 2520   2328   Server.exe   28
      PID 2328 wrote to memory of 2520   2328   Server.exe   28
      PID 2328 wrote to memory of 2520   2328   Server.exe   28
      PID 2328 wrote to memory of 2520   2328   Server.exe   28
Processes
  1. C:\Users\Admin\AppData\Local\Temp\Server.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\Server.exe"
     - Suspicious behavior: GetForegroundWindowSpam
     - Suspicious use of AdjustPrivilegeToken
     - Suspicious use of WriteProcessMemory
     PID: 2328
     2. C:\Windows\SysWOW64\netsh.exe
        Command line: netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Server.exe" "Server.exe" ENABLE
        - Modifies Windows Firewall
        PID: 2520