Analysis
-
max time kernel
79s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
23-11-2022 19:01
Static task
static1
Behavioral task
behavioral1
Sample
355d389f2405add9e25050aab4c0dc8873ab36091ccfbdee7b2d500c97b85ab4.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
355d389f2405add9e25050aab4c0dc8873ab36091ccfbdee7b2d500c97b85ab4.exe
Resource
win10v2004-20220812-en
General
-
Target
355d389f2405add9e25050aab4c0dc8873ab36091ccfbdee7b2d500c97b85ab4.exe
-
Size
340KB
-
MD5
9c263fc708bea8f63204214d53167178
-
SHA1
7b3bb56cddc390b2795db9054fd6590577e55c6a
-
SHA256
355d389f2405add9e25050aab4c0dc8873ab36091ccfbdee7b2d500c97b85ab4
-
SHA512
4269e45b9d08d1976324459e9c714c961bc241dccb2eee56d370a350a73fb56e5d2a9317c7012a6276f47da80c9df2c46dde8337268de205d546f1aa578015bc
-
SSDEEP
6144:u9fWIJGsgB9OSpAvi4oUsfv2t6iMx0mb8RWbJRQFp:krgB9j82k5nF
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
355d389f2405add9e25050aab4c0dc8873ab36091ccfbdee7b2d500c97b85ab4.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" 355d389f2405add9e25050aab4c0dc8873ab36091ccfbdee7b2d500c97b85ab4.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs