Analysis

  • max time kernel
    147s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-02-2024 23:25

General

  • Target

    Server.exe

  • Size

    93KB

  • MD5

    f9b6ad30be032ceb2b5e39aaccafb559

  • SHA1

    1727e623b758d12d165b234b3de37c23367c7fe5

  • SHA256

    794e704c7eae31565db2f0474afdd29c856064d83924931f14df2a0753e78f65

  • SHA512

    f5e5bf5dca7b84c28b93eda9deff5a703da1e289ee66599447fc8078764a998de15a9ecb7da2aa9d087300d6ec74cf8b870e3769cde44a691b4e9ea68764d571

  • SSDEEP

    768:PY33UYSgmnldjcRoMwrx7Y+DIkIITJbXX0pOt8ux82WXxrjEtCdnl2pi1Rz4Rk3c:2Ummlbrq+1NTZ0OojEwzGi1dDND4gS

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Server.exe
    "C:\Users\Admin\AppData\Local\Temp\Server.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Server.exe" "Server.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2328-0-0x0000000074610000-0x0000000074BBB000-memory.dmp

    Filesize

    5.7MB

  • memory/2328-1-0x0000000000230000-0x0000000000270000-memory.dmp

    Filesize

    256KB

  • memory/2328-2-0x0000000074610000-0x0000000074BBB000-memory.dmp

    Filesize

    5.7MB

  • memory/2328-4-0x0000000074610000-0x0000000074BBB000-memory.dmp

    Filesize

    5.7MB

  • memory/2328-5-0x0000000000230000-0x0000000000270000-memory.dmp

    Filesize

    256KB