Overview

overview

10

Static

static

gayporn.exe

windows7_x64

10

gayporn.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    152s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    13-05-2022 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gayporn.exe

  • Size

    185KB

  • MD5

    dc73d106133d7f4652a22a2ba5838bab

  • SHA1

    1a24617b06b8c7a694ee6fef57d454ba9dad72fb

  • SHA256

    219f75d798f48a66a7643cacca827cd6d9fbf72af8dfaa05b88cb0538a7864f7

  • SHA512

    39f6cf4c0d3c27bd690846ee6893e12ef6d6e13e6b975cf65c69f786fda2baa4c17e681b9f5fc5da9a21e7a5a7214f9c4393b344828104234bbf9d1d022b8c4a

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE Observed Zingo/GinzoStealer CnC Domain (nominally .ru in TLS SNI)

    suricata: ET MALWARE Observed Zingo/GinzoStealer CnC Domain (nominally .ru in TLS SNI)

    suricata
  • Downloads MZ/PE file
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gayporn.exe
    "C:\Users\Admin\AppData\Local\Temp\gayporn.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1088-130-0x0000000000FD0000-0x0000000001008000-memory.dmp
    Filesize

    224KB

    Download