Analysis
-
max time kernel
149s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30/05/2024, 01:16
General
-
Target
a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad.exe
-
Size
182KB
-
MD5
01f2128134a3f10b34844758ecaf6221
-
SHA1
dd1c0bc149abd29d6ba62a61e6e2014d631497e9
-
SHA256
a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad
-
SHA512
6d957ec8feeb298cfa23f7d932286bc2e1abe9ec057fee288cd8c522d9099199111bff9e55738a3a2aea49b8a9ab98a426247c05ef1038bed3d6b456e8d912a6
-
SSDEEP
3072:W++Y/lmp5JrIaLHv67rhIQDR3Y9lNVZTzW1Pl2eo2uGFXHaD6SCxkbT3z2J:iY/lmp5Z567raQqlNT3EtDuGHaDZTz2J
Malware Config
Signatures
-
Modifies firewall policy service 2 TTPs 2 IoCs
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Drops file in System32 directory 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad.exe"C:\Users\Admin\AppData\Local\Temp\a5b7db963d695f619ea3cd6bc1280cb3d0a235043fafc128193a07de5b21a4ad.exe"1⤵
- Modifies firewall policy service
- Adds policy Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
293KB
MD527ffd6c0b721ec59f73ecfd2264bc890
SHA1ec47e1186426d28f22f515c2146673e4c9b43b64
SHA25651dc640dd2a7958e43dbc634e6c4fe343042f3d497a3d67efc61079fbaac367a
SHA5120e60799a7bf9d60e69cab3d105821749604be7b5d579578a7cdc90d4596065fb8b8912157958a31d80ae838400e266039fc21de11e9aee7b67a2d55624828e02