Analysis
max time kernel: 152s
max time network: 178s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 13-05-2022 17:44
Static task
static1
Behavioral task
behavioral1
Sample
gayporn.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
gayporn.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: gayporn.exe
Size: 185KB
MD5: dc73d106133d7f4652a22a2ba5838bab
SHA1: 1a24617b06b8c7a694ee6fef57d454ba9dad72fb
SHA256: 219f75d798f48a66a7643cacca827cd6d9fbf72af8dfaa05b88cb0538a7864f7
SHA512: 39f6cf4c0d3c27bd690846ee6893e12ef6d6e13e6b975cf65c69f786fda2baa4c17e681b9f5fc5da9a21e7a5a7214f9c4393b344828104234bbf9d1d022b8c4a
Score: 10/10
Malware Config
Signatures
- suricata: ET MALWARE Observed Zingo/GinzoStealer CnC Domain (nominally .ru in TLS SNI)
- Downloads MZ/PE file
- Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description | pid | process
Token: SeDebugPrivilege | 1088 | gayporn.exe
Downloads
- memory/1088-130-0x0000000000FD0000-0x0000000001008000-memory.dmp (Filesize: 224KB)