Analysis
- max time kernel: 147s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-02-2024 12:13

Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: abda5b2ed5d946a343b27ea27b1ccf3e.exe
- Resource: win7-20240221-en
- Platform: windows7-x64
- 18 signatures
- 150 seconds
General
- Target: abda5b2ed5d946a343b27ea27b1ccf3e.exe
- Size: 332KB
- MD5: abda5b2ed5d946a343b27ea27b1ccf3e
- SHA1: e3330cf1e3daaae54b9160c60f94b3269d6c1f82
- SHA256: e2b97a5b474cbab359bcb16c2cbe6bbf0b18190feb9790916f18ad8d5cd66586
- SHA512: 82badf7e1c214357b3a0d021cf09efcb129381c1002d4f60f988b2abe68ba48bd23c51af67525ac020522676d5d602181fa8929949b1637053e043a1f7ae8752
- SSDEEP: 6144:JNLJzaQMJu4NgX1UWMlOvYSWctgHf7lJe/DhSnFCxzAd:JNLJz8Juk4iWMlOvv+TQ4nAo
Malware Config

Signatures
- Processes (abda5b2ed5d946a343b27ea27b1ccf3e.exe):
  - description: Set value (int)
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
    process: abda5b2ed5d946a343b27ea27b1ccf3e.exe
- Disables RegEdit via registry modification (1 IoCs)
  Processes (abda5b2ed5d946a343b27ea27b1ccf3e.exe):
  - description: Set value (int)
    ioc: \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"
    process: abda5b2ed5d946a343b27ea27b1ccf3e.exe
- Disables Task Manager via registry modification
  Processes (abda5b2ed5d946a343b27ea27b1ccf3e.exe):
  - description: Key value queried
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    process: abda5b2ed5d946a343b27ea27b1ccf3e.exe
  - description: Set value (int)
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
    process: abda5b2ed5d946a343b27ea27b1ccf3e.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes (abda5b2ed5d946a343b27ea27b1ccf3e.exe):
  - pid: 2112, process: abda5b2ed5d946a343b27ea27b1ccf3e.exe (8 entries, all the same pid and process)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes (abda5b2ed5d946a343b27ea27b1ccf3e.exe):
  - description: Token: SeDebugPrivilege
    pid: 2112
    process: abda5b2ed5d946a343b27ea27b1ccf3e.exe
- System policy modification (1 TTPs, 1 IoCs)
  Processes (abda5b2ed5d946a343b27ea27b1ccf3e.exe):
  - description: Set value (int)
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
    process: abda5b2ed5d946a343b27ea27b1ccf3e.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\abda5b2ed5d946a343b27ea27b1ccf3e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\abda5b2ed5d946a343b27ea27b1ccf3e.exe"
  Signatures:
  - UAC bypass
  - Disables RegEdit via registry modification
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- memory/2112-0-0x0000000074AD0000-0x0000000075081000-memory.dmp (Filesize: 5.7MB)
- memory/2112-1-0x0000000074AD0000-0x0000000075081000-memory.dmp (Filesize: 5.7MB)
- memory/2112-2-0x0000000000FB0000-0x0000000000FC0000-memory.dmp (Filesize: 64KB)
- memory/2112-4-0x0000000074AD0000-0x0000000075081000-memory.dmp (Filesize: 5.7MB)