Analysis
-
max time kernel
148s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-10-2024 19:04
General
-
Target
Server.exe
-
Size
40KB
-
MD5
d68c05c79e88c0778ccbd2dd61d8e51e
-
SHA1
ab6161248a94b0bca947a252a2a9da0c4a2e18d4
-
SHA256
bc228f9d761133c53a25e3a7fbd7a599a6e028b5e59730bd33c3c0bbdc367d96
-
SHA512
6447a9504828e4a196e984dafc8c364d261022146875f252c91b387fcc0c968050f253c57f586e36439940c47ea0e18fd10ad6f9a7964b40cd41acd94b541ceb
-
SSDEEP
768:SRriitlfEX65LCWQI4iAOuQdOsVhyV6QM3DI:SRriitlg1I4NOuchyET
Score
8/10
Malware Config
Signatures
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Server.exe" "Server.exe" ENABLE2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB