ead271e84adf5320ddf098aecacb9956b77a77d43266fe4db7a7d0e795abf5ff

Analysis

max time kernel
7s
max time network
111s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
30/06/2024, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ipServer.exe
Size

37KB
MD5

e055040e8da3d8e15703defa60bb2d56
SHA1

f9e63aa863f2be68808465adcfe234c8ba65b8cc
SHA256

ead271e84adf5320ddf098aecacb9956b77a77d43266fe4db7a7d0e795abf5ff
SHA512

1e854a3b0c1a0cc804072c567a46ae571ce58541270b408dcd76f0131fdef7230b1bd6f2ec66290d6f7786ea9826f18876405ef77ecce708c6d26eda811e28e3
SSDEEP

384:iVi5BkiypnDNGRn5IyUvQIlvNho/iGFIcrAF+rMRTyN/0L+EcoinblneHQM3epzv:wiS5M5jUvllwqGacrM+rMRa8Nuict

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3172	netsh.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ipServer.exe
"C:\Users\Admin\AppData\Local\Temp\ipServer.exe"
1⤵
PID:3288
- C:\Users\Admin\AppData\Local\Temp\SecurityHealthService.exe
  "C:\Users\Admin\AppData\Local\Temp\SecurityHealthService.exe"
  2⤵
  PID:2988
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\SecurityHealthService.exe" "SecurityHealthService.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SecurityHealthService.exe

Filesize
37KB

MD5
e055040e8da3d8e15703defa60bb2d56

SHA1
f9e63aa863f2be68808465adcfe234c8ba65b8cc

SHA256
ead271e84adf5320ddf098aecacb9956b77a77d43266fe4db7a7d0e795abf5ff

SHA512
1e854a3b0c1a0cc804072c567a46ae571ce58541270b408dcd76f0131fdef7230b1bd6f2ec66290d6f7786ea9826f18876405ef77ecce708c6d26eda811e28e3

Download Submit
memory/2988-12-0x00000000749A0000-0x0000000074F51000-memory.dmp

Filesize
5.7MB

Download
memory/2988-14-0x00000000749A0000-0x0000000074F51000-memory.dmp

Filesize
5.7MB

Download
memory/2988-20-0x00000000749A0000-0x0000000074F51000-memory.dmp

Filesize
5.7MB

Download
memory/3288-0-0x00000000749A1000-0x00000000749A2000-memory.dmp

Filesize
4KB

Download
memory/3288-1-0x00000000749A0000-0x0000000074F51000-memory.dmp

Filesize
5.7MB

Download
memory/3288-2-0x00000000749A0000-0x0000000074F51000-memory.dmp

Filesize
5.7MB

Download
memory/3288-13-0x00000000749A0000-0x0000000074F51000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads