Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-12-2023 02:04

General

  • Target

    4f01950be1af645812ef894060589297.exe

  • Size

    79KB

  • MD5

    4f01950be1af645812ef894060589297

  • SHA1

    6eb40d133e27baff5b907e561cfe44112b776dda

  • SHA256

    51e8ac86d15128644d5a6432b41ec16d7ec6d6825852a1809f4f09369c0591b4

  • SHA512

    ae5c95f718e9416fb0b477edfb6a6ff9a82b5506a8f757e33311432b55eaad1316268b7afe20da2e2b031c259c990cf93fc02ed1bc639060de25711822af4027

  • SSDEEP

    1536:eoh4LbjnKc+QnPhkqV4Ca9Ia6IKIAYzNnQJFIsWNcdWAd249Cq/o:In84Ph1deI7LIpw7WAd2wC0o

Score
10/10

Malware Config

Signatures

  • GoldDragon

    GoldDragon is a second-stage backdoor attributed to Kimsuky.

  • Checks system information in the registry (2 TTPs, 1 IoC)

    System information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f01950be1af645812ef894060589297.exe
    "C:\Users\Admin\AppData\Local\Temp\4f01950be1af645812ef894060589297.exe"
    • Checks system information in the registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3308

Network

MITRE ATT&CK Enterprise v15
