Analysis
-
max time kernel
51s -
max time network
79s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
13-02-2023 21:34
General
-
Target
88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
-
Size
160KB
-
MD5
0f9a0f87d345043fe299242869d0bd40
-
SHA1
9daec976b7832eb7d07aeb63dba737a3aec0e159
-
SHA256
88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f
-
SHA512
fe767e65698df5d7c7a4e43b5740591be82020eb854acbc21ad880625e589ed5faaf1d9833bf2d2454e0711abc21f32196c4e78fb09905558dfd98757d574d8d
-
SSDEEP
3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvuYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/uzQqqDvFf
Score
10/10
Malware Config
Signatures
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe"C:\Users\Admin\AppData\Local\Temp\88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe"1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5481⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/848-55-0x000007FEFB6A1000-0x000007FEFB6A3000-memory.dmpFilesize
8KB
-
memory/1436-54-0x0000000075601000-0x0000000075603000-memory.dmpFilesize
8KB