Analysis
max time kernel: 23s
max time network: 29s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 26-06-2024 18:29
Behavioral task: behavioral1
Sample: Sena.exe
Resource: win7-20240220-en
7 signatures
30 seconds
General
Target: Sena.exe
Size: 661KB
MD5: c4cbee0a201dbd8a73d4cbf3a2cda032
SHA1: 1c47fb6372bf468386dc4296b7d4848653ac6586
SHA256: 6692ae7b22a57bff5df25a90c397e5c1251f1749545bf194026e72dd991d371c
SHA512: ed4507ffbde0cc4fd47652b5b56d7caba761c7d759a0987c11f5cd080b84b233d0bdbfb250890c23a592e3932097e95158f06251b6ac9061608e7a9d130b545a
SSDEEP: 12288:DLV6BtpmkZPhWK3toMN4gatGC3yLx8NKMH1eyJ2ar9aJUPjsYntSZ6:nApf7fItk1MVeyNr9+Kj7A
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TCP Subsystem = "C:\\Program Files (x86)\\TCP Subsystem\\tcpss.exe" | Sena.exe
-
Checks whether UAC is enabled
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Sena.exe
-
Drops file in Program Files directory 2 IoCs
Processes:
description | ioc | process
File created | C:\Program Files (x86)\TCP Subsystem\tcpss.exe | Sena.exe
File opened for modification | C:\Program Files (x86)\TCP Subsystem\tcpss.exe | Sena.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
pid | process
2308 | Sena.exe
2308 | Sena.exe
2308 | Sena.exe
2308 | Sena.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid | process
2308 | Sena.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 2308 | Sena.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Sena.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Sena.exe"
  depth: 1
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
file | filesize
memory/2308-0-0x0000000074BC1000-0x0000000074BC2000-memory.dmp | 4KB
memory/2308-1-0x0000000074BC0000-0x000000007516B000-memory.dmp | 5.7MB
memory/2308-2-0x0000000074BC0000-0x000000007516B000-memory.dmp | 5.7MB
memory/2308-7-0x0000000074BC0000-0x000000007516B000-memory.dmp | 5.7MB