Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
12/03/2024, 07:35
General
-
Target
c2cdce6e69cc30c5d744601c5401aff8.exe
-
Size
13KB
-
MD5
c2cdce6e69cc30c5d744601c5401aff8
-
SHA1
8433179e9943699418d144551670f1c80a45dcb0
-
SHA256
863006a932d3830d2b98e308d07fbf46f263ec1542a11bb5b6b3b1f1af865ffb
-
SHA512
806099892d83c269fdede1b314852589154a03b05301011f8958a047cafa13effe8f8a8945446c38080fb873a00cf4cbc6bf718211f984137a24dcb9097b4206
-
SSDEEP
192:6iAObiJUEDmtRpxh4D3mm9CokY/qbSn8dPJqYYL3:6MbpUQLxOD34Cqu8mYYL3
Score
8/10
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c2cdce6e69cc30c5d744601c5401aff8.exe"C:\Users\Admin\AppData\Local\Temp\c2cdce6e69cc30c5d744601c5401aff8.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall set allowedprogram 'C:\Users\Admin\AppData\Local\Temp\c2cdce6e69cc30c5d744601c5401aff8.exe' enable2⤵
- Modifies Windows Firewall
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
-
Filesize
212KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
212KB