Analysis

max time kernel: 143s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/10/2023, 07:08
Static task: static1

Behavioral task: behavioral1
  Sample: 빨간펜.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: 빨간펜.exe
  Resource: win10v2004-20230915-en
General

Target: 빨간펜.exe
Size: 258KB
MD5: 9ecaa57b13565fb5c99a94cf6d0088de
SHA1: e5f9e45d1050b89e9cadc74a60455f3c4dfe4ff9
SHA256: 570c9d08be0d35e319bfa9e00656734ad985eb05e8f99c7ae5156468c9f274e7
SHA512: 35a0cf585ee0b02347062cb1c9a4b1e6bd33de4d8884fa173e6cea432ffcddf755a3ceee924d7210232c3869c2c5ec7ffa12a21be44bafb2fe10d50d38bb578b
SSDEEP: 6144:QMX+ZwNPbMIFMUJ3IInUchQkFpVgFmH9PV0z2sdP:jOZwbZ3IoGkFpVga9Phsp
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeManageVolumePrivilege
  pid: 1368
  Process: svchost.exe
Processes

C:\Users\Admin\AppData\Local\Temp\빨간펜.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\빨간펜.exe"
  PID: 1044

C:\Windows\system32\rundll32.exe
  command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 4476

C:\Windows\System32\svchost.exe
  command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  PID: 1368
  signatures: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 16KB
MD5: 1a793dd6649b9088b0e510f0a19ced2f
SHA1: 934c88e9cc56da330f20502fefdba46b2c15bc28
SHA256: 8f77e95e093b9a748c02b5bd556b9338e350f975335f9df256ebef5b6d6026e9
SHA512: 8e158ac02a43bb9b3721227369c86e108c993d16feff597e895d4d6753efd29fa07e7f56796f2c2e93ce322b3f163d0eb792d4b893957f1fc9e74c83e70624b5