Analysis
-
max time kernel
134s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27/05/2024, 12:32
General
-
Target
143533ec1e9224d7811d745dcb6ef6d91383506adfd6ccc180dc2500d92761d5.exe
-
Size
303KB
-
MD5
535a5f46d219898317ae0b7b846ea262
-
SHA1
87eeea76f38ec40d91b9b6d0fa58c6e0c3d830a8
-
SHA256
143533ec1e9224d7811d745dcb6ef6d91383506adfd6ccc180dc2500d92761d5
-
SHA512
21aee8828065334fc5fe879f2ab98072b2bf5705fe0a442170e1525cc9300678ea37edbfb6fde42fd638e8bba032117bf2a9172dda83c28683d53beb8098bc5e
-
SSDEEP
6144:o6TzXnE5OggxUOm/7Rw+AHpr5svVJ7PAtP/m8nMb3:o6/XnFggK/FdAJr5svVRYt9Mb
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies firewall policy service 2 TTPs 3 IoCs
-
Modifies security service 2 TTPs 3 IoCs
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 6 IoCs
-
Drops startup file 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 6 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\143533ec1e9224d7811d745dcb6ef6d91383506adfd6ccc180dc2500d92761d5.exe"C:\Users\Admin\AppData\Local\Temp\143533ec1e9224d7811d745dcb6ef6d91383506adfd6ccc180dc2500d92761d5.exe"1⤵
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- UAC bypass
- Windows security bypass
- Drops startup file
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4436,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
244KB
-
Filesize
96KB
-
Filesize
1024KB
-
Filesize
74.1MB
-
Filesize
1024KB
-
Filesize
244KB