Analysis

max time kernel:   30s
max time network:  30s
platform:          windows10-2004_x64
resource:          win10v2004-20240508-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted:         26-06-2024 18:29

Behavioral task:   behavioral1
Sample:            Sena.exe
Resource:          win7-20240220-en
Signatures:        7
Duration:          30 seconds
General

Target:  Sena.exe
Size:    661KB
MD5:     c4cbee0a201dbd8a73d4cbf3a2cda032
SHA1:    1c47fb6372bf468386dc4296b7d4848653ac6586
SHA256:  6692ae7b22a57bff5df25a90c397e5c1251f1749545bf194026e72dd991d371c
SHA512:  ed4507ffbde0cc4fd47652b5b56d7caba761c7d759a0987c11f5cd080b84b233d0bdbfb250890c23a592e3932097e95158f06251b6ac9061608e7a9d130b545a
SSDEEP:  12288:DLV6BtpmkZPhWK3toMN4gatGC3yLx8NKMH1eyJ2ar9aJUPjsYntSZ6:nApf7fItk1MVeyNr9+Kj7A
Malware Config

Signatures

Adds Run key to start application (2 TTPs, 1 IoC)
  Process   Description      IoC
  Sena.exe  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DPI Subsystem = "C:\\Program Files (x86)\\DPI Subsystem\\dpiss.exe"

Checks whether UAC is enabled
  Process   Description        IoC
  Sena.exe  Key value queried  \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Drops file in Program Files directory (2 IoCs)
  Process   Description                   IoC
  Sena.exe  File created                  C:\Program Files (x86)\DPI Subsystem\dpiss.exe
  Sena.exe  File opened for modification  C:\Program Files (x86)\DPI Subsystem\dpiss.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Process   PID
  Sena.exe  916

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Process   PID
  Sena.exe  916

Suspicious use of AdjustPrivilegeToken (1 IoC)
  Process   Description              PID
  Sena.exe  Token: SeDebugPrivilege  916
Processes

1. C:\Users\Admin\AppData\Local\Temp\Sena.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Sena.exe"
   - Adds Run key to start application
   - Checks whether UAC is enabled
   - Drops file in Program Files directory
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of AdjustPrivilegeToken
Network

MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

  File                                                           Filesize
  memory/916-0-0x00000000750F2000-0x00000000750F3000-memory.dmp  4KB
  memory/916-1-0x00000000750F0000-0x00000000756A1000-memory.dmp  5.7MB
  memory/916-2-0x00000000750F0000-0x00000000756A1000-memory.dmp  5.7MB
  memory/916-5-0x00000000750F0000-0x00000000756A1000-memory.dmp  5.7MB
  memory/916-6-0x00000000750F2000-0x00000000750F3000-memory.dmp  4KB
  memory/916-7-0x00000000750F0000-0x00000000756A1000-memory.dmp  5.7MB
  memory/916-8-0x00000000750F0000-0x00000000756A1000-memory.dmp  5.7MB