Analysis
-
max time kernel
43s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
03/12/2022, 05:21
General
-
Target
c68a58e7687d8f6bcce408978551522bb96682ee4ed5ce9f9c60be0ce867e4d6.exe
-
Size
40KB
-
MD5
055cb8b653aabbad6567c05935055ac1
-
SHA1
c89a44581ee32f912b0e35b6722a4445442db89e
-
SHA256
c68a58e7687d8f6bcce408978551522bb96682ee4ed5ce9f9c60be0ce867e4d6
-
SHA512
123187d48d5e516d2b19f211620d2af79b90955dfd4ed42c40c8aaadc87fd2227f52d00e0d6750707e1f66b21ff5333b0e8ab17b6d7d87c59115a5cfa965946b
-
SSDEEP
384:cDg+BMTwGtvpbuHby1eaIH+GeAA9ae27fHqLCQM8/s0I4CVX0ee6NnS6XXGwtTr:Pi0tvVuHbyeayDedwxfHSmRlxS6X2wt/
Score
8/10
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 2 IoCs
-
Deletes itself 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c68a58e7687d8f6bcce408978551522bb96682ee4ed5ce9f9c60be0ce867e4d6.exe"C:\Users\Admin\AppData\Local\Temp\c68a58e7687d8f6bcce408978551522bb96682ee4ed5ce9f9c60be0ce867e4d6.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{66BEDE2F-35F3-2B1C-B878-B9FD78757E65}" /f2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\C68A58~1.EXE > nul2⤵
- Deletes itself
-