Analysis
-
max time kernel
94s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
12/10/2022, 16:17
General
-
Target
f3d46c0d40e82a69940ebe6b2569806a996c073a579ef6695a09bc06656c13af.exe
-
Size
48KB
-
MD5
6c2347796be6fd104ef5b03e101d9264
-
SHA1
f065b44d598688b09c27c6e466e3de2e7446a3fd
-
SHA256
f3d46c0d40e82a69940ebe6b2569806a996c073a579ef6695a09bc06656c13af
-
SHA512
34eb627c37923b3cf149337eebfdc5d028193752cfd514c18e9d00d1fcdc60ccd0d14056e8c7101f2b35c9dd0ea424306082ecc3f9bb18e582beb841064d7c24
-
SSDEEP
384:q+kk30kshqdiy1V6EqP4NTJD+j0updC4sq+ssRAaNl9bUInN8xwt9TYywjn:q+LsgdiyV6bwNTJDX7zdx5Nuwtd9wj
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f3d46c0d40e82a69940ebe6b2569806a996c073a579ef6695a09bc06656c13af.exe"C:\Users\Admin\AppData\Local\Temp\f3d46c0d40e82a69940ebe6b2569806a996c073a579ef6695a09bc06656c13af.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{F25A484C-D9AD-B910-3A37-39B6E19DB429}" /f2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\F3D46C~1.EXE > nul2⤵
-