Analysis
-
max time kernel
50s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
24/12/2023, 23:47
General
-
Target
1aa76ffaabc0b409f24ed5d0ea846322.exe
-
Size
156KB
-
MD5
1aa76ffaabc0b409f24ed5d0ea846322
-
SHA1
8727d57b16baa2a5ced8661d5156f332f8ea1815
-
SHA256
e244a34432a3d1e2c62a9b7d3e1aa41d38fffa4a28695d116bf570fe62aa1541
-
SHA512
b42d3864f5f79846bfa6e4599e61b9a2029180a8663cf6e104fd757efdaa14ee000d97d5f8d6110dd0fa265f71564f896b3c7b277c1685fceea8fa77b9e64f8b
-
SSDEEP
1536:B1t/PfBr9GiL15M6UbbCp39yX2tHZ7bt0i6pZYmcfgT6:B7Zr9/5M6UvCpLtH5bt05pZYm1O
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1aa76ffaabc0b409f24ed5d0ea846322.exe"C:\Users\Admin\AppData\Local\Temp\1aa76ffaabc0b409f24ed5d0ea846322.exe"1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /u /s scpsssh2.dll2⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /u /s c:\windows\syswow64\scpsssh2.dll2⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /u /s c:\windows\syswow64\scpsssh2.dll2⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /u /s scpsssh2.dll2⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /u /s c:\windows\syswow64\scpsssh2.dll2⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /u /s scpsssh2.dll2⤵
-