Overview

overview

9

Static

static

7

IridiumGhost.exe

windows10-1703-x64

5

IridiumPatcher.exe

windows10-1703-x64

9

Kangaroo.dll

windows10-1703-x64

9

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-03-2023 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IridiumGhost.exe

  • Size

    9.5MB

  • MD5

    4d05b8f89db009f8e2002ac5fd19d174

  • SHA1

    cb224c87d570a149612c7fe106ae07580c4cb4ca

  • SHA256

    f0ba1267dc727dd403569559eeb65acf4634fed094a4c6e2ac7c5e3d5c4ea962

  • SHA512

    a08f17d06548de621f3570127bedeafc4ae4a4eede5fd5aa530c822de3a9addddea5ddc068555e7cd82baa38c7d0c2d8a0cea06690c667dc2fa2ab800891aab0

  • SSDEEP

    196608:3Z9H90i670uKZNGZfpIgQ2Tr4zR0s85toyMW7HnHaIRqUFYn:p9dMQuKZNu82Trc0s85tXd6+qUq

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IridiumGhost.exe
    "C:\Users\Admin\AppData\Local\Temp\IridiumGhost.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2524-121-0x00007FFED00B0000-0x00007FFED00B2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2524-122-0x00007FFED00C0000-0x00007FFED00C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2524-123-0x00007FFECFC50000-0x00007FFECFC52000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2524-124-0x00007FFECFC60000-0x00007FFECFC62000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2524-125-0x00007FFECD430000-0x00007FFECD432000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2524-126-0x00007FFECD440000-0x00007FFECD442000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2524-127-0x00007FFED00D0000-0x00007FFED00D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2524-128-0x0000000140000000-0x00000001413D8000-memory.dmp
    Filesize

    19.8MB

    Download