General
Target: 22d15118aebbacd7e69a0dec6c29978bdd5a6ba24d9dbfbe055f0620e37d3c4a
Size: 3.4MB
Sample: 201109-wvz57kssme
MD5: 442016bf1c6123cc40ff23c3637396c0
SHA1: cea8d515186cf94bdaa4f78bbf6f5b9db9125c9a
SHA256: 22d15118aebbacd7e69a0dec6c29978bdd5a6ba24d9dbfbe055f0620e37d3c4a
SHA512: d95bc9ee83436c7967dbe59e6c5625737053adb074b45972a7855f03d3770d87edde332a8cf4aa02529330178be99005a7b0912e6929d284c685433694199727
Static task: static1

Behavioral task: behavioral1
  Sample: 22d15118aebbacd7e69a0dec6c29978bdd5a6ba24d9dbfbe055f0620e37d3c4a.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: 22d15118aebbacd7e69a0dec6c29978bdd5a6ba24d9dbfbe055f0620e37d3c4a.exe
  Resource: win10v20201028
Malware Config
Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
Target: 22d15118aebbacd7e69a0dec6c29978bdd5a6ba24d9dbfbe055f0620e37d3c4a
Size: 3.4MB
Score: 10/10

Signatures:
- Grants admin privileges (uses net.exe to modify the user's privileges)
- Blacklisted process makes network request
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
- Drops file in System32 directory
- Modifies service