Analysis
-
max time kernel
136s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
20-05-2022 04:39
General
-
Target
1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef.exe
-
Size
5.0MB
-
MD5
79b2dce444347169977d7fa87137f839
-
SHA1
239779f6b48824a9e7626f6aa3c306c08eb244dd
-
SHA256
1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef
-
SHA512
73d68bf150662bb78ceb913dd54d5fe2414aed37769dd453102eb4ac9ea5fc565fbd45ecd9ba4e95422ba191ff0f8d1544d6fcb715b6c51fac5bbe1cc805346f
Score
10/10
Malware Config
Signatures
-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba Payload 1 IoCs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef.exe"C:\Users\Admin\AppData\Local\Temp\1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef.exe"C:\Users\Admin\AppData\Local\Temp\1ea3c3acb4c6e533907cc7bdafd5cb4bd5e8294b717803e86b57c925d5992aef.exe"2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/376-132-0x0000000000000000-mapping.dmp
-
memory/1208-130-0x0000000002E73000-0x000000000320B000-memory.dmpFilesize
3.6MB
-
memory/1208-131-0x0000000000400000-0x0000000000AE9000-memory.dmpFilesize
6.9MB