Analysis
-
max time kernel
107s -
max time network
10s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
28/12/2023, 21:48
General
-
Target
fa8615c5504befcbc1f4ce79192a61d2.exe
-
Size
12KB
-
MD5
fa8615c5504befcbc1f4ce79192a61d2
-
SHA1
1e263d11dececbea3c38ad1e70deecf60126b250
-
SHA256
79198e97e7cb4d8d70333bd042ebf72e0ed05199a5b3ee6a0f2763b997a0eb84
-
SHA512
0b8be5d6938efa2d0b206cc6e64938e20e2a04c3d66705599dd1c6e740eeb92efa0d34e2c42e3b814186c6965858921d656db300289ca35827cd473617851c83
-
SSDEEP
384:0gX0VjE9t5K4gqSLAz+FA+qPyiNpY2x6AxT+:NX0+DpSLZA+4pY66WT+
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fa8615c5504befcbc1f4ce79192a61d2.exe"C:\Users\Admin\AppData\Local\Temp\fa8615c5504befcbc1f4ce79192a61d2.exe"1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\fa8615c5504befcbc1f4ce79192a61d2.exe"2⤵
-
-
C:\Program Files\NetMeeting\ravcqmon.exe"C:\Program Files\NetMeeting\ravcqmon.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵