ccdec18403c4454e607c277a8280d4a6cbf5534b5d972451f31d7cc62a15ae84 | Triage

Analysis

max time kernel
189s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 14:38

Sharing

Report Analysis Logs

General

Target

Ghost[x].cpl
Size

11KB
MD5

e971d36e9c007879fe02916b3322ed76
SHA1

d14f75bf6926740f00111b70ca8c697e1abb113b
SHA256

12078b5c9eb7ba705314521529949596af5f3692101ec41c3285b1ef8304df1a
SHA512

7e8f038a3fec902f50f79c89236677c1835cebf28fdcf989f20849bc61ebd08e3c12774b92b0d3c1245e5f3a8cfbaa232b16f3fc50b75843e511dcdc92f34cad
SSDEEP

192:6Jn8WdI3KBcb+S2ks+yFFHcWBBDuGlWdI3KBcb++FWh8zWlwXqe:6J8WdI3KBcb+Tks+yFFHcWBBDuGlWdIX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 2088	536	control.exe	83
PID 536 wrote to memory of 2088	536	control.exe	83

C:\Windows\system32\control.exe
control.exe C:\Users\Admin\AppData\Local\Temp\Ghost[x].cpl
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL C:\Users\Admin\AppData\Local\Temp\Ghost[x].cpl
  2⤵
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads