Overview

overview

7

Static

static

Coder.exe

windows7-x64

1

Coder.exe

windows10-2004-x64

1

Ghost[1].js

windows7-x64

1

Ghost[1].js

windows10-2004-x64

1

Ghost[2].ps1

windows7-x64

1

Ghost[2].ps1

windows10-2004-x64

1

Ghost[3].js

windows7-x64

1

Ghost[3].js

windows10-2004-x64

1

Ghost[4].cpl

windows7-x64

1

Ghost[4].cpl

windows10-2004-x64

1

Ghost[5].cpl

windows7-x64

1

Ghost[5].cpl

windows10-2004-x64

1

Ghost[6].cpl

windows7-x64

1

Ghost[6].cpl

windows10-2004-x64

1

Ghost[o].cpl

windows7-x64

1

Ghost[o].cpl

windows10-2004-x64

1

Ghost[x].cpl

windows7-x64

1

Ghost[x].cpl

windows10-2004-x64

1

ghostS.exe

windows7-x64

6

ghostS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    170s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ghost[5].cpl

  • Size

    1KB

  • MD5

    7b1ab2c7b5811eebf10c469531bd8248

  • SHA1

    b34e2c7a743ec674a282fe20488e6b08ef6fcdc5

  • SHA256

    85bac8a327249cc9e4e7d49b2a92a115c4b985d2ce8db1f14abb702c59e28ebd

  • SHA512

    7cfd555416cdb9f31580596b088b89e84255e65fe9f9b549556ed34a221dfce24b42c7f80b3f6361faeab3cf50ab58d3b7bc7dccce4220f4cb4968bfb6e940ae

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\control.exe
    control.exe C:\Users\Admin\AppData\Local\Temp\Ghost[5].cpl
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Users\Admin\AppData\Local\Temp\Ghost[5].cpl
      2⤵
        PID:2628

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads